public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed
From: Avi Kivity <avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
To: Rusty Russell <rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>
Cc: kvm-devel
	<kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>,
	lguest <lguest-mnsaURCQ41sdnm+yROfE0A@public.gmane.org>,
	virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Re: [kvm-devel] [RFC PATCH 0/4] Inter-guest virtio I/O example with lguest
Date: Thu, 20 Mar 2008 08:54:45 +0200	[thread overview]
Message-ID: <47E20A35.2000600@qumranet.com> (raw)
In-Reply-To: <200803201659.14344.rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>

Rusty Russell wrote:
> Hi all,
>
>    Just finished my prototype of inter-guest virtio, using networking as an 
> example.  Each guest mmaps the other's address space and uses a FIFO for 
> notifications.
>
>   

Isn't that a security hole (hole? chasm)?  If the two guests can access 
each other's memory, they might as well be just one guest, and 
communicate internally.

My feeling is that the host needs to copy the data, using dma if 
available.  Another option is to have one guest map the other's memory 
for read and write, while the other guest is unprivileged.  This allows 
one privileged guest to provide services for other, unprivileged guests, 
like domain 0 or driver domains in Xen.

-- 
Any sufficiently difficult bug is indistinguishable from a feature.

  parent reply	other threads:[~2008-03-20  6:54 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-20  5:59 [RFC PATCH 0/4] Inter-guest virtio I/O example with lguest Rusty Russell
     [not found] ` <200803201659.14344.rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>
2008-03-20  6:05   ` [RFC PATCH 1/5] lguest: mmap backing file Rusty Russell
     [not found]     ` <200803201705.44422.rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>
2008-03-20  6:22       ` [RFC PATCH 2/5] lguest: Encapsulate Guest memory ready for dealing with other Guests Rusty Russell
2008-03-20  6:36         ` [RFC PATCH 3/5] lguest: separate out virtqueue info from device info Rusty Russell
     [not found]           ` <200803201736.01883.rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>
2008-03-20  6:40             ` [RFC PATCH 4/5] lguest: ignore bad virtqueues Rusty Russell
2008-03-20  6:45               ` [RFC PATCH 5/5] lguest: Inter-guest networking Rusty Russell
2008-03-20 14:04       ` [kvm-devel] [RFC PATCH 1/5] lguest: mmap backing file Anthony Liguori
     [not found]         ` <47E26EE1.5030706-rdkfGonbjUSkNkDKm+mE6A@public.gmane.org>
2008-03-20 14:32           ` Paul TBBle Hampson
2008-03-20 15:07           ` Avi Kivity
2008-03-20 15:24             ` Anthony Liguori
2008-03-20 22:12           ` [kvm-devel] " Rusty Russell
2008-03-20 23:46             ` Anthony Liguori
2008-03-23  9:11               ` Avi Kivity
2008-03-20  8:16     ` [Lguest] " Tim Post
     [not found]       ` <1206000960.6873.124.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-03-20 14:07         ` Paul TBBle Hampson
2008-03-21  0:29         ` Rusty Russell
2008-03-20  6:54   ` Avi Kivity [this message]
     [not found]     ` <47E20A35.2000600-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2008-03-20 13:55       ` [kvm-devel] [RFC PATCH 0/4] Inter-guest virtio I/O example with lguest Anthony Liguori
     [not found]         ` <47E26CC1.8080900-rdkfGonbjUSkNkDKm+mE6A@public.gmane.org>
2008-03-20 14:27           ` Avi Kivity
     [not found]             ` <47E27461.4090404-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2008-03-20 14:39               ` Anthony Liguori
2008-03-20 14:55                 ` Avi Kivity
2008-03-20 15:05                   ` Anthony Liguori
2008-03-20 15:36                     ` Avi Kivity
     [not found]                       ` <47E28482.9010501-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
2008-03-20 15:52                         ` [kvm-devel] " Anthony Liguori
2008-03-20 22:14     ` Rusty Russell
2008-03-20 14:11   ` [kvm-devel] " Anthony Liguori
2008-03-23 12:05     ` Rusty Russell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47E20A35.2000600@qumranet.com \
    --to=avi-atkuwr5tajbwk0htik3j/w@public.gmane.org \
    --cc=kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
    --cc=lguest-mnsaURCQ41sdnm+yROfE0A@public.gmane.org \
    --cc=rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org \
    --cc=virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox