From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1LKcbO-0005If-Ao
	for qemu-devel@nongnu.org; Wed, 07 Jan 2009 12:53:58 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1LKcbL-0005IN-Ra
	for qemu-devel@nongnu.org; Wed, 07 Jan 2009 12:53:57 -0500
Received: from [199.232.76.173] (port=50182 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1LKcbL-0005IK-NJ
	for qemu-devel@nongnu.org; Wed, 07 Jan 2009 12:53:55 -0500
Received: from mail-ew0-f21.google.com ([209.85.219.21]:56403)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <anthony@codemonkey.ws>) id 1LKcbL-0006HZ-9R
	for qemu-devel@nongnu.org; Wed, 07 Jan 2009 12:53:55 -0500
Received: by ewy14 with SMTP id 14so9732602ewy.10
	for <qemu-devel@nongnu.org>; Wed, 07 Jan 2009 09:53:54 -0800 (PST)
Message-ID: <4964EC2B.1080406@codemonkey.ws>
Date: Wed, 07 Jan 2009 11:53:47 -0600
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH] mark nic as trusted
References: <20090107142626.GE3267@redhat.com> <4964D98B.6030404@codemonkey.ws>
	<20090107165050.GI3267@redhat.com>
In-Reply-To: <20090107165050.GI3267@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Gleb Natapov wrote:
> On Wed, Jan 07, 2009 at 10:34:19AM -0600, Anthony Liguori wrote:
>   
>> Gleb Natapov wrote:
>>     
>>> This patch allows to mark specific nic as trusted by adding special
>>> PCI capability. "Trusted" means that it is used for communication
>>> between host and guest and no malicious entity can inject traffic
>>> to the nic.
>>>
>>> Signed-off-by: Gleb Natapov <gleb@redhat.com>
>>>   
>>>       
>> What utility does this have?  Does this make Windows happy in some  
>> special way?
>>
>>     
> That is for secure guest<->host communication over network. Guest has to
> know somehow which link host uses for communication. If guest has no way
> to know this, another computer on untrusted network can pretend it is real
> host and "own" a guest. 
>   

So this is for vmchannel?  How do you differentiate a real device with 
that bit set compared to the vmchannel device?

Regards,

Anthony Liguori

> --
> 			Gleb.
>
>
>