From: Julian Stecklina <jsteckli@os.inf.tu-dresden.de>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: "snabb-devel@googlegroups.com" <snabb-devel@googlegroups.com>,
qemu-devel <qemu-devel@nongnu.org>,
Anthony Liguori <anthony@codemonkey.ws>,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [Qemu-devel] snabbswitch integration with QEMU for userspace ethernet I/O
Date: Thu, 30 May 2013 10:08:51 +0200 [thread overview]
Message-ID: <51A70913.5060309@os.inf.tu-dresden.de> (raw)
In-Reply-To: <CAJSP0QXu5WDVot2BcfN8a2JXTi=rS32Rja3CeJGx4V=0+G1-Bw@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/30/2013 08:46 AM, Stefan Hajnoczi wrote:
> On Wed, May 29, 2013 at 6:02 PM, Julian Stecklina
> <jsteckli@os.inf.tu-dresden.de> wrote:
>> On 05/29/2013 04:21 PM, Stefan Hajnoczi wrote:
>>> The fact that a single switch process has shared memory access
>>> to all guests' RAM is critical. If the switch process is
>>> exploited, then that exposes other guests' data! (Think of a
>>> multi-tenant host with guests belonging to different users.)
>>
>> True. But people don't mind having instruction decoding and half
>> of virtio in the kernel these days, so it can't be that security
>> critical...
>
> No, it's still security critical. If there were equivalent
> solutions with better security then I'm sure people would accept
> them. It's just that there isn't an equivalent solution yet :).
My comment was more or less meant in a resigning way. ;) At least we
are not putting HTTP servers in there any more.
Julian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlGnCRMACgkQ2EtjUdW3H9mzFwCghZxvckYgZ4atLm3HLPPWF/Lb
688AnRXm12jbBlmCVOKSaDUHHejEdh7O
=csrK
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2013-05-30 8:09 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-26 9:32 [Qemu-devel] snabbswitch integration with QEMU for userspace ethernet I/O Luke Gorrie
2013-05-27 9:34 ` Stefan Hajnoczi
2013-05-27 15:18 ` Michael S. Tsirkin
2013-05-27 15:43 ` Paolo Bonzini
2013-05-27 16:18 ` Anthony Liguori
2013-05-27 16:18 ` Paolo Bonzini
2013-05-27 17:01 ` Anthony Liguori
2013-05-27 17:13 ` Michael S. Tsirkin
2013-05-27 18:31 ` Anthony Liguori
2013-05-28 10:39 ` Luke Gorrie
2013-05-28 10:10 ` Luke Gorrie
2013-05-28 10:35 ` Stefan Hajnoczi
2013-05-28 11:36 ` Julian Stecklina
2013-05-28 11:53 ` Michael S. Tsirkin
2013-05-28 12:09 ` Julian Stecklina
2013-05-28 13:56 ` Michael S. Tsirkin
2013-05-28 15:35 ` Julian Stecklina
2013-05-28 15:44 ` Michael S. Tsirkin
2013-05-28 12:48 ` [Qemu-devel] [snabb-devel:276] " Luke Gorrie
2013-05-28 13:12 ` Julian Stecklina
2013-05-28 13:42 ` [Qemu-devel] [snabb-devel:280] " Luke Gorrie
2013-05-28 14:42 ` [Qemu-devel] [snabb-devel:276] " Luke Gorrie
2013-05-28 15:33 ` Julian Stecklina
2013-05-28 17:00 ` [Qemu-devel] " Anthony Liguori
2013-05-28 17:17 ` Michael S. Tsirkin
2013-05-28 18:55 ` Anthony Liguori
2013-05-29 10:31 ` Stefano Stabellini
2013-05-29 12:25 ` Michael S. Tsirkin
2013-05-29 13:04 ` Stefano Stabellini
2013-06-04 12:19 ` [Qemu-devel] [snabb-devel:300] " Luke Gorrie
2013-06-04 12:49 ` Julian Stecklina
2013-06-04 20:09 ` [Qemu-devel] [snabb-devel:326] " Luke Gorrie
2013-06-04 12:56 ` [Qemu-devel] [snabb-devel:300] " Michael S. Tsirkin
2013-06-05 6:09 ` [Qemu-devel] [snabb-devel:327] " Luke Gorrie
2013-05-29 7:49 ` [Qemu-devel] " Stefan Hajnoczi
2013-05-29 9:08 ` Michael S. Tsirkin
2013-05-29 14:21 ` Stefan Hajnoczi
2013-05-29 14:48 ` Michael S. Tsirkin
2013-05-29 16:02 ` Julian Stecklina
2013-05-30 2:35 ` ronnie sahlberg
2013-05-30 6:46 ` Stefan Hajnoczi
2013-05-30 6:55 ` Michael S. Tsirkin
2013-05-30 7:11 ` [Qemu-devel] [snabb-devel:308] " Luke Gorrie
2013-05-30 8:08 ` Julian Stecklina [this message]
2013-05-29 12:32 ` [Qemu-devel] " Julian Stecklina
2013-05-29 14:31 ` Stefan Hajnoczi
2013-05-29 15:59 ` Julian Stecklina
2013-05-28 11:58 ` Stefan Hajnoczi
2013-10-21 10:29 ` Luke Gorrie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51A70913.5060309@os.inf.tu-dresden.de \
--to=jsteckli@os.inf.tu-dresden.de \
--cc=anthony@codemonkey.ws \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=snabb-devel@googlegroups.com \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).