| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1c08bc42-7448-351e-78bf-fcf68d2b2561@redhat.com>
Date: Thu, 3 Jun 2021 10:32:40 +0800
From: Jason Wang <jasowang@...hat.com>
To: Andi Kleen <ak@...ux.intel.com>, mst@...hat.com
Cc: virtualization@...ts.linux-foundation.org, hch@....de,
m.szyprowski@...sung.com, robin.murphy@....com,
iommu@...ts.linux-foundation.org, x86@...nel.org,
sathyanarayanan.kuppuswamy@...ux.intel.com, jpoimboe@...hat.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest
在 2021/6/3 上午9:48, Andi Kleen 写道:
>
>> So we will see huge performance regression without indirect
>> descriptor. We need to consider to address this.
>
> A regression would be when some existing case would be slower.
>
> That's not the case because the behavior for the existing cases does
> not change.
>
> Anyways when there are performance problems they can be addressed, but
> first is to make it secure.
I agree, but I want to know why indirect descriptor needs to be
disabled. The table can't be wrote by the device since it's not coherent
swiotlb mapping.
Thanks
>
> -Andi
>
>
>>
>> Thanks
>>
>>
>>> break;
>>> case VIRTIO_RING_F_EVENT_IDX:
>>> break;
>>> @@ -2231,9 +2240,12 @@ void vring_transport_features(struct
>>> virtio_device *vdev)
>>> case VIRTIO_F_ACCESS_PLATFORM:
>>> break;
>>> case VIRTIO_F_RING_PACKED:
>>> + if (protected_guest_has(VM_MEM_ENCRYPT))
>>> + goto clear;
>>> break;
>>> case VIRTIO_F_ORDER_PLATFORM:
>>> break;
>>> + clear:
>>> default:
>>> /* We don't understand this bit. */
>>> __virtio_clear_bit(vdev, i);
>>
>
Powered by blists - more mailing lists