Avi Kivity wrote: > Rusty Russell wrote: > >> Hi all, >> >> Just finished my prototype of inter-guest virtio, using networking as an >> example. Each guest mmaps the other's address space and uses a FIFO for >> notifications. >> >> >> > > Isn't that a security hole (hole? chasm)? If the two guests can access > each other's memory, they might as well be just one guest, and > communicate internally. > Each guest's host userspace mmaps the other guest's address space. The userspace then does a copy on both the tx and rx paths. Conceivably, this could be done as a read-only mapping so that each guest userspace copies only the rx packets. That's about as secure as you're going to get with this approach I think. Regards, Anthony Liguori > My feeling is that the host needs to copy the data, using dma if > available. Another option is to have one guest map the other's memory > for read and write, while the other guest is unprivileged. This allows > one privileged guest to provide services for other, unprivileged guests, > like domain 0 or driver domains in Xen. > > _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/virtualization
