Re: RFC: virtio-hostmem (+ Continuation of discussion from [virtio-dev] Memory sharing device)

["Michael S. Tsirkin" <mst@redhat.com>]

On Mon, Feb 25, 2019 at 03:08:19PM -0800, Roman Kiryanov wrote:
> Michael, thank you for your comments.
> 
> > I'm not sure how does above answer the comment.
> 
> Sorry for leaving this unclear, our guest driver tells the
> device guest's page size and then we do aligning-unaligning.


This might work. Note that host page size might be different.
If it's bigger host needs to be careful about allocating
full host pages anyway.

> > To try and put things in your terms, if you try to map a range of memory
> > you get access to a page that can be bigger than the range you asked
> > for.
> 
> This is correct.
> 
> >  It can cause two ranges to violate a security boundary, cause
> > information leaks, etc.
> 
> Could you please correct me if I am wrong. If I ask glMapBufferRange
> (without hosts and guests) for a 1K buffer with 4K pages, I will have
> access to other 3K. If a driver decides to put sensitive bits there -
> will this be the same situation?

Sounds similar.

> We assume pages are not shared between processes.
> If this assumption does not work then it is hard to share arbitrary pointers.
> 
> Regards,
> Roman.

Right. Details on how memory is allocated in the proposed scheme are
scant but above I think shows that it can't all be up to guest.


-- 
MST