Hi Barry, On Thu, 7 Oct 2021 18:43:33 +1300, Barry Song <[email protected]> wrote:
> > > Security-wise, KVA respects kernel mapping. So permissions are better > > > enforced than pass-through and identity mapping. > > > > Is this meaningful? Isn't the entire physical map still in the KVA and > > isn't it entirely RW ? > > Some areas are RX, for example, ARCH64 supports KERNEL_TEXT_RDONLY. > But the difference is really minor. That brought up a good point if we were to use DMA API to give out KVA as dma_addr for trusted devices. We cannot satisfy DMA direction requirements since we can't change kernel mapping. It will be similar to DMA direct where dir is ignored AFAICT. Or we are saying if the device is trusted, using pass-through is allowed. i.e. physical address. Thoughts? Thanks, Jacob _______________________________________________ iommu mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/iommu
