From: Carsten Otte <cotte-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
To: Avi Kivity <avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
Cc: carsteno-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org,
"kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org"
<kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>,
Christian Borntraeger
<cborntra-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>,
mschwid2-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org
Subject: Re: [PATCH/PFC 0/2] s390 host support
Date: Mon, 30 Apr 2007 16:48:03 +0200 [thread overview]
Message-ID: <463601A3.3070206@de.ibm.com> (raw)
In-Reply-To: <46348661.6000909-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
Avi Kivity wrote:
> Carsten Otte wrote:
>> No, we did not have the need to do that. Now that you mention it, we'd
>> want to move interprocessor signal handling into the kernel anyway for
>> performance reasons. That would rise the need to wake up from kernel.
>> The other way round, how do you intend to wake a thread that uses
>> poll() or similar from userspace?
>>
>
> Write to a pipe, or send a signal (signals are quite fast if you mask
> them in userspace and use ppoll()).
Signals have the disadvantage that they wake all guest CPUs (unless
one dedicates a singal per vcpu which does'nt scale). I think we need
a wakeup mechanism that can be used to send an interrupt to a specific
idle cpu from both kernel and userland. Pipes and poll (one per cpu)
would allow that, but it seems to me like there must be better options.
After having slept over it, I think that our idle/wakeup mechanism for
s390host is a mess. I will try to come up with an idea for this.
> I don't know what your usage model is, but it seems to me that
> leaving the host userspace at the mercy of the guest is a fairly
> large security hole:
> - the guest can modify the user's files, and read other users' files
> - the guest can access the host's network, possibly bypassing any
> firewalling that is set up for the guest
> - the guest can access other virtual machines on the host
>
> So, if the guest is broken into, or if you download an untrusted
> guest image ("virtual appliance"), then potentially large amounts of
> data are at risk, even if you run as a regular user. Does your
> usage model allow this?
Okay, I am convinced. We need to secure both. That will cause some
rework of our IO device drivers we use in our prototype, which don't
exactly care to check input data from the guest in userspace today.
Also, I am going to figure why kvm does'nt to run non-root in my local
x86 installation.
so long,
Carsten
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
next prev parent reply other threads:[~2007-04-30 14:48 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-27 13:40 [PATCH/PFC 0/2] s390 host support Carsten Otte
2007-04-27 16:19 ` Hollis Blanchard
[not found] ` <pan.2007.04.27.16.18.10.889473-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-04-27 19:58 ` Carsten Otte
[not found] ` <463255F3.2000500-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
2007-04-27 22:34 ` Dong, Eddie
2007-04-29 8:09 ` Heiko Carstens
[not found] ` <1177681224.5770.20.camel-WIxn4w2hgUz3YA32ykw5MLlKpX0K8NHHQQ4Iyu8u01E@public.gmane.org>
2007-04-27 15:14 ` Carsten Otte
2007-04-28 6:27 ` Avi Kivity
[not found] ` <4632E94C.20904-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-04-28 8:45 ` Carsten Otte
[not found] ` <4633099D.3020709-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
2007-04-29 9:13 ` Avi Kivity
[not found] ` <463461B1.7060406-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-04-29 10:24 ` Carsten Otte
[not found] ` <4634726F.10705-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
2007-04-29 10:48 ` Avi Kivity
[not found] ` <463477EE.3000406-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-04-29 11:15 ` Carsten Otte
[not found] ` <46347E6D.90409-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
2007-04-29 11:49 ` Avi Kivity
[not found] ` <46348661.6000909-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-04-29 14:27 ` Carsten Otte
[not found] ` <4634AB6C.4020901-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
2007-04-29 15:06 ` Avi Kivity
2007-04-30 14:48 ` Carsten Otte [this message]
[not found] ` <463601A3.3070206-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
2007-04-30 14:56 ` Avi Kivity
[not found] ` <463603B6.3010105-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-05-14 14:17 ` Carsten Otte
[not found] ` <46486F89.3080609-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
2007-05-14 14:50 ` Avi Kivity
[not found] ` <4648774E.2060304-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2007-05-14 15:26 ` Carsten Otte
[not found] ` <46487FA5.4090905-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
2007-05-14 15:29 ` Carsten Otte
[not found] ` <46488047.8090404-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
2007-05-14 15:55 ` Avi Kivity
2007-05-14 15:53 ` Avi Kivity
2007-04-29 12:13 ` Heiko Carstens
[not found] ` <20070429121351.GA8254-5VkHqLvV2o3MbYB6QlFGEg@public.gmane.org>
2007-04-29 12:27 ` Avi Kivity
2007-04-29 8:11 ` Heiko Carstens
[not found] ` <20070429081157.GC8332-5VkHqLvV2o3MbYB6QlFGEg@public.gmane.org>
2007-04-29 8:45 ` Avi Kivity
2007-04-30 18:58 ` Hollis Blanchard
[not found] ` <pan.2007.04.30.18.58.56.432063-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-05-01 6:43 ` Avi Kivity
2007-05-01 14:53 ` Hollis Blanchard
[not found] ` <pan.2007.05.01.14.53.20.257696-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-05-01 14:57 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=463601A3.3070206@de.ibm.com \
--to=cotte-ta70fqpds9bqt0dzr+alfa@public.gmane.org \
--cc=avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org \
--cc=carsteno-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org \
--cc=cborntra-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org \
--cc=kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
--cc=mschwid2-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox