From: Anthony Liguori <anthony-rdkfGonbjUSkNkDKm+mE6A@public.gmane.org>
To: Avi Kivity <avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
Cc: kvm-devel
	<kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>,
	lguest <lguest-mnsaURCQ41sdnm+yROfE0A@public.gmane.org>,
	virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Re: [kvm-devel] [RFC PATCH 0/4] Inter-guest virtio I/O example with lguest
Date: Thu, 20 Mar 2008 08:55:13 -0500
Message-ID: <47E26CC1.8080900@codemonkey.ws>
In-Reply-To: <47E20A35.2000600-atKUWr5tajBWk0Htik3J/w@public.gmane.org>

Avi Kivity wrote:
> Rusty Russell wrote:
>> Hi all,
>>
>>    Just finished my prototype of inter-guest virtio, using networking as an 
>> example.  Each guest mmaps the other's address space and uses a FIFO for 
>> notifications.
>
> Isn't that a security hole (hole? chasm)?  If the two guests can access 
> each other's memory, they might as well be just one guest, and 
> communicate internally.

Each guest's host userspace mmaps the other guest's address space.  The 
userspace then does a copy on both the tx and rx paths.

Conceivably, this could be done as a read-only mapping so that each 
guest userspace copies only the rx packets.  That's about as secure as 
you're going to get with this approach I think.

Regards,

Anthony Liguori

> My feeling is that the host needs to copy the data, using dma if 
> available.  Another option is to have one guest map the other's memory 
> for read and write, while the other guest is unprivileged.  This allows 
> one privileged guest to provide services for other, unprivileged guests, 
> like domain 0 or driver domains in Xen.
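An added illustration of the read-only-mapping variant Anthony describes (example code, not Rusty's lguest patches or anything from the thread): a constructed backing file stands in for the peer guest's memory, the receiving side maps it PROT_READ and copies rx packets out with a bounds check, and a final helper confirms the kernel will not hand out a writable MAP_SHARED mapping of a descriptor that was opened O_RDONLY. The path, memory size and payload are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define GUEST_MEM 4096   /* constructed toy guest memory size */

/* Backing file standing in for a toy guest's memory (constructed data). */
static int make_backing_file(const char *path, const char *payload)
{
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    if (ftruncate(fd, GUEST_MEM) < 0 ||
        pwrite(fd, payload, strlen(payload) + 1, 0) < 0) { close(fd); return -1; }
    return fd;
}

/* Rx-side view of the peer guest: fd opened O_RDONLY, mapped PROT_READ.
 * Returns MAP_FAILED with errno set on error. */
static void *map_peer_readonly(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return MAP_FAILED;
    void *p = mmap(NULL, GUEST_MEM, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);   /* the mapping keeps its own reference to the file */
    return p;
}

/* Rx path: copy a packet out of the peer's memory into our own buffer,
 * refusing any offset/length that would read past the peer's memory. */
static size_t rx_copy(const char *peer_mem, size_t off, char *dst, size_t len)
{
    if (off >= GUEST_MEM || len > GUEST_MEM - off) return 0;
    memcpy(dst, peer_mem + off, len);
    return len;
}

/* The kernel refuses to upgrade a read-only fd to a writable shared mapping:
 * mmap(PROT_WRITE, MAP_SHARED) on an O_RDONLY fd fails with EACCES. */
static int writable_map_refused(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    void *p = mmap(NULL, GUEST_MEM, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    int refused = (p == MAP_FAILED && errno == EACCES);
    if (p != MAP_FAILED) munmap(p, GUEST_MEM);
    close(fd);
    return refused;
}
```

Opening the peer's backing file O_RDONLY is what makes the read-only property enforceable by the kernel rather than by discipline in host userspace; a PROT_WRITE request on that descriptor is rejected outright.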
