On Wed Nov 8, 2023 at 10:37 AM CET, Viresh Kumar wrote:
On Wed Nov 8, 2023 at 8:55 AM CET, Viresh Kumar wrote:
For clarification, in case there is any doubt:
Device - the backend running on the host. Driver - the guest kernel driver (frontend).
On 08-11-23, 08:41, Erik Schilling wrote:
On Fri Nov 3, 2023 at 11:42 AM CET, Viresh Kumar wrote:
+The driver MUST NOT access memory locations outside what's presented by +the device.
I get what this is trying to state, but I am worried whether this is a bit ambigious... A driver surely will access driver-private, virtio-unrelated data, right?
Yeah, but that isn't part of backend's memory but the guest itself. The spec doesn't need to talk about such a memory.
Exactly :). But my feeling was that - strictly speaking - the statement may be understood in that way.
Also, what does "presented" mean?
Made available for the frontend to use. This word is used few times in the spec, maybe I should choose a different word here ?
Ok, if it has established use then that is fine. I am a bit confused though... Why do we need to restrict access to memory that is NOT presented? The device won't see memory that was not presented to it by
s/device/driver/ ?
Yes.
the driver. Or am I misunderstanding the term here? What is the
s/driver/device/ ?
Also yes... I need more tea...
difference between driver-private memory and memory not presented to the device?
I have not found a clear definition of what is meant by "presenting" in the remaining spec. So chances are that I am misunderstanding something here.
Just to clarify, what we are talking about is the device memory accessible at the driver. For a MMIO device, it is a range of length 0x200 per device. The MMIO section also says this:
"The driver MUST NOT access memory locations not described in the table 4.1."
The table here talks about the memory space of 0x200 bytes.
What I am trying to say is that the driver shouldn't try to access anything beyond this 0x200 memory region. Not sure how it works for PCI and Channel I/O though.
OK. I fear I have no suggestions on how to make that more clear... Maybe just sneaking in a "shared memory" somewhere makes the intent a little more clear. But it still seems to remain somewhat fuzzy...