From: Eric Blake <eblake@redhat.com>
To: Zhi Yong Wu <zwu.kernel@gmail.com>,
KVM mailing list <kvm@vger.kernel.org>,
QEMU Developers <qemu-devel@nongnu.org>,
libvir-list@redhat.com
Cc: loki2441@gmail.com, Zhi Yong Wu <zhiyong.wzy@alibaba-inc.com>
Subject: Re: [Qemu-devel] vmfork in KVM
Date: Fri, 08 May 2015 09:07:18 -0600 [thread overview]
Message-ID: <554CD126.2080508@redhat.com> (raw)
In-Reply-To: <CAEH94LhQKWqw1qC+aHfSS_ZH93sb1x1XU3ZN-EUPeb8PwRGi4Q@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 792 bytes --]
On 05/08/2015 03:55 AM, Zhi Yong Wu wrote:
> HI, all guys
>
> Why does vmfork not get supported by KVM project? What is the
> drawback? It's very cool if it's used in some scenario, e.g. HPC. It
> will be appreciated for your comments, thanks.
In general, live cloning of a VM is a security nightmare - you have to
make sure that either both sides of the fork will never be exposed to
the same network, or that you figure out how to scrub everything such as
IP addresses and random number state so that the two VMs are independent
enough as to not be able to guess the behavior of one guest by observing
the other. Offline cloning is a much more tractable problem.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
prev parent reply other threads:[~2015-05-08 15:07 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAHqbYQt50ZNoQOaEapc18TLGT+zPXZ6q-gcdUQG+oTSuLJ149Q@mail.gmail.com>
2015-05-08 9:55 ` [Qemu-devel] vmfork in KVM Zhi Yong Wu
2015-05-08 15:07 ` Eric Blake [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=554CD126.2080508@redhat.com \
--to=eblake@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=libvir-list@redhat.com \
--cc=loki2441@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=zhiyong.wzy@alibaba-inc.com \
--cc=zwu.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).