Re: [PATCH V3 02/11] PCI: Lock down BAR access when module security is enabled

[Matthew Garrett <matthew.garrett@nebula.com>]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 1233 bytes --]

On Wed, 2013-09-04 at 19:58 +0100, David Woodhouse wrote:
> On Wed, 2013-09-04 at 17:04 +0000, Matthew Garrett wrote:

> > How does virt passthrough work in this case? The current situation
> > appears to be that qemu just passes the BARs through to the guest, and
> > it's the guest that sets things up. We'd need to be able to ensure that
> > there's no way the guest driver can cause DMA into the host kernel.
> 
> We set up the IOMMU page tables so that the virtual bus addresses seen
> by the PCI device are 1:1 mapped to the guest "physical" address space.
> 
> That is, what the PCI device sees as a "physical" address is equivalent
> to what the guest sees as a "physical" address space. It can access
> memory which belongs to that guest, and nothing else. So that should be
> fine.

But presumably the guest's view of RAM is what gets written to the BARs?
I guess if we know it's constrained then there's no need to restrict the
addresses that can be set - we know that they'll be unable to overlap
the host RAM.

-- 
Matthew Garrett <matthew.garrett@nebula.com>
ÿôèº{.nÇ+‰·Ÿ®‰­†+%ŠËÿ±éݶ\x17¥Šwÿº{.nÇ+‰·¥Š{±þG«éÿŠ{ayº\x1dʇڙë,j\a­¢f£¢·hšïêÿ‘êçz_è®\x03(­éšŽŠÝ¢j"ú\x1a¶^[m§ÿÿ¾\a«þG«éÿ¢¸?™¨è­Ú&£ø§~á¶iO•æ¬z·švØ^\x14\x04\x1a¶^[m§ÿÿÃ\fÿ¶ìÿ¢¸?–I¥