From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity <avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH 6/13] KVM: memory slot management
Date: Sun, 29 Oct 2006 11:10:16 +0200
Message-ID: <45446FF8.50502@qumranet.com>
References: <4540EE2B.9020606@qumranet.com> <200610270937.11646.arnd@arndb.de>
	<454208EB.7080007@qumranet.com> <200610271605.27600.arnd@arndb.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Return-path: <kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
To: Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>
In-Reply-To: <200610271605.27600.arnd-r2nGTMty4D4@public.gmane.org>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum=kvm-devel>
List-Post: <mailto:kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
List-Help: <mailto:kvm-devel-request-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org?subject=subscribe>
Sender: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Errors-To: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
List-Id: kvm.vger.kernel.org

Arnd Bergmann wrote:
>> It can shoot not only its foot, but anything the monitor's uid has 
>> access to.  Host files, the host network, other guests belonging to the 
>> user, etc.
>>     
>
> Yes, that's what I meant. It's obviously nicer if the guest can't do that,
> but it's a tradeoff of the potential security impact against on how hard
> it is to implement hiding the addresses you don't want your guest to see.
> To put it into other words, do you want the optimal performance, or the
> optimal security?
>
>   

Well, isolation is one of the most significant features of full 
virtualization, both for security and reliability.  I don't think we can 
compromise that.


>> It's worse than I thouht: tlb entries generated by guest accesses are 
>> tagged with the guest virtual address, to if you remove a guest 
>> physical/host virtual page you need to invalidate the entire guest tlb.
>>     
>
> Ok, so it's the HW's fault. They either copied bad or decided doing the
> s390 approach was too expensive.
>   

x86 tradition is to make all possible mistakes before getting a working 
solution.

-- 
error compiling committee.c: too many arguments to function


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642