On Thu, Oct 07, 2021 at 12:11:27PM -0700, Jacob Pan wrote: > Hi Barry, > > On Thu, 7 Oct 2021 18:43:33 +1300, Barry Song <[email protected]> wrote: > > > > > Security-wise, KVA respects kernel mapping. So permissions are better > > > > enforced than pass-through and identity mapping. > > > > > > Is this meaningful? Isn't the entire physical map still in the KVA and > > > isn't it entirely RW ? > > > > Some areas are RX, for example, ARCH64 supports KERNEL_TEXT_RDONLY. > > But the difference is really minor. > That brought up a good point if we were to use DMA API to give out KVA as > dma_addr for trusted devices. We cannot satisfy DMA direction requirements > since we can't change kernel mapping. It will be similar to DMA direct > where dir is ignored AFAICT.
Right. Using the DMA API to DMA to read only kernel memory is a bug in the first place. > Or we are saying if the device is trusted, using pass-through is allowed. > i.e. physical address. I don't see trusted being relavent here beyond the usual decision to use the trusted map or not. Jason _______________________________________________ iommu mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/iommu
