bodzhang

I tried to look for the [register_iomem()](https://github.com/lsds/sgx-lkl/blob/41c2bac5dcfb0cd3a35fcb9f998c169faae64915/src/lkl/virtio.c#L323) call in src/lkl/virtio.c, and can only find it in [lkl_sub_module/tools/lkl/lib/iomem.c](https://github.com/lsds/lkl/blob/385f721b339fe48b188b4924c2663e1ea2cdeb13/tools/lkl/lib/iomem.c#L23). Is the iomem.c under tools/lkl/lib indeed the code used by the enclave? If...

One solution to mitigate the potential attack of host side manipulating `base`, `config_data`, `config_len`, `queue` (ring buffer descriptors needs further protection, not fully addressed in this proposal), **without changing the...

@davidchisnall , can you confirm my understanding about virtq below? ```C struct virtq { uint32_t num_max; /* device capability, set by host, read by guest */ uint32_t num; /* virtio...

If we are able to keep a shadow copy of the virtq_desc array and virtq_avail array inside the enclave and copy-through guest update to the shadow copy to the virtq_desc/virtq_avail...

@davidchisnall , can you take a look at the calling code of `virtio_notify_host_device` and see whether it's always invoked after any update to virtq_desc/virtq_avail arrays?

It seems that the virtio_blk, virtio_console drivers do invoke `virtqueue_notify` (some code flow calls `virtqueue_kick`, some calls `virtqueue_notify` directly) after updating desc and avail arrays. But the virtio_net code is...

For packed ring, the code in lkl/drivers/virtio/virtio_ring.c does allocate the [desc ring](https://github.com/lsds/lkl/blob/385f721b339fe48b188b4924c2663e1ea2cdeb13/drivers/virtio/virtio_ring.c#L1575) in the host memory and read/write the desc ring, but it seems to keep a copy of the...

#802 to re-enable ethreads=1 tests recommended as p2, shouldn't this issue also be P2?

#802 to re-enable ethreads=1 tests recommended as p2, shouldn't this issue also be P2?

This issue has security implication. Proposed to assign P1.