[PATCH 1/2] ARM: kvm: define PAGE_S2_DEVICE as read-only by default
Mario Smarduch
m.smarduch at samsung.com
Wed Sep 17 12:19:50 PDT 2014
On 09/14/2014 03:57 PM, Ard Biesheuvel wrote:
>
> Never mind. I read the whole thread this time.
>
> So, in summary, there is a concern that a malicious guest may request
> a cachable mapping for a device range, in an attempt to manipulate the
> VGIC or other device memory of another VM.
> I think that concern only applies to writable mappings, so perhaps we
> should just change
>
> if (kvm_is_mmio_pfn(pfn))
>
> to
>
> if (kvm_is_mmio_pfn(pfn) && writable)
Hi Ard,
What if the device passed through is read-only like maybe IPMI
sensors.
>
> and be done with it (which is coincidentally the very first naive fix
> I suggested for the issue i was seeing)
> That way, we never map read-only MMIO regions writable, and rely on
> the MT_DEVICE trumps MT_NORMAL rule to ensure the guest reads to those
> regions are uncached.
> (Wouldn't hurt to add a comment to explain it, I suppose)
>
More information about the linux-arm-kernel
mailing list