Re: A few KVM security questions

[Joanna Rutkowska <joanna@invisiblethingslab.com>]

[-- Attachment #1: Type: text/plain, Size: 1973 bytes --]

Avi Kivity wrote:

>> 1) Do you have any support for para-virtualized VMs?
> 
> Yes, for example, we support paravirtualized timers and mmu for Linux. 
> These are fairly minimal compared to Xen's pv domains.
> 

Can I run a regular Linux as PV-guest? Specifically, can I get rid of
qemu totally, assuming I have only PV guests?

E.g. do you have PV network and disk frontends (PV drivers), that I
could use on guests and that do not use qemu at all?

>> 2) Is it possible to have driver domains in KVM? E.g. I would like to
>> assign my NIC to one VM (a "network domain") and then I would like other
>> domains to use this network domain for networking. In case of Xen, this
>> is done by moving the network backend (which is not qemu BTW) into the
>> network domain, and configuring the network frontends in other VMs to
>> talk to this network domain's backend, rather then to Dom0's backend (in
>> fact you can get rid of all the networking in Dom0).
>>    
> 
> Should be doable by assigning the NIC to a driver domain and bridging it
> to a virtio driver; then have the driver domain's virtio device talk to
> the ordinary guests.

But bridging would still require to have some networking support (+net
backends) on the host (sure, without any real NIC driver, but still),
correct?

>> 4) Do you have some method of excluding particular PCI devices from
>> being initialized by your host Linux? E.g. those devices that are later
>> to be assigned to some VMs (via VT-d passthrough)?
> 
> Yes, there is a stub driver that does this.
> 

Does this stub driver sets DMA protections, so that the device in
question cannot access any host memory?

That is important, because once you assigned a device to some VM, we
should assume the VM might have somehow compromised the device, e.g.
reflashed the firmware of the NIC, perhaps. So, it's important to be
able to protect the hypervisor from such devices.

Thanks,
joanna.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 163 bytes --]