Date: Wed, 7 Jan 2009 20:41:03 +0200
From: Gleb Natapov
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] mark nic as trusted
Message-ID: <20090107184103.GA19406@redhat.com>
In-Reply-To: <4964EC55.4000507@codemonkey.ws>
References: <20090107142626.GE3267@redhat.com> <4964D98B.6030404@codemonkey.ws> <20090107165050.GI3267@redhat.com> <4964EC2B.1080406@codemonkey.ws> <4964EC55.4000507@codemonkey.ws>

On Wed, Jan 07, 2009 at 11:54:29AM -0600, Anthony Liguori wrote:
> Anthony Liguori wrote:
>>> That is for secure guest<->host communication over network. Guest has to
>>> know somehow which link host uses for communication. If guest has no way
>>> to know this, another computer on untrusted network can pretend it is
>>> real host and "own" a guest.
>>
>> So this is for vmchannel? How do you differentiate a real device with
>> that bit set compared to the vmchannel device?
>
> Like if you were doing PCI passthrough of an e1000...
>
It's not just one bit. It is 14 byte string. We can put something unique
there.

--
Gleb.