Anthony Liguori wrote: > Avi Kivity wrote: >> Rusty Russell wrote: >> >>> Hi all, >>> >>> Just finished my prototype of inter-guest virtio, using >>> networking as an example. Each guest mmaps the other's address >>> space and uses a FIFO for notifications. >>> >>> >> >> Isn't that a security hole (hole? chasm)? If the two guests can >> access each other's memory, they might as well be just one guest, and >> communicate internally. >> > > Each guest's host userspace mmaps the other guest's address space. > The userspace then does a copy on both the tx and rx paths. > Well, that's better security-wise (I'd still prefer to avoid it, so we can run each guest under a separate uid), but then we lose performance wise. > Conceivably, this could be done as a read-only mapping so that each > guest userspace copies only the rx packets. That's about as secure as > you're going to get with this approach I think. > Maybe we can terminate the virtio queue in the host kernel as a pipe, and splice pipes together. That gives us guest-guest and guest-process communications, and if you use aio the kernel can use a dma engine for the copy. -- error compiling committee.c: too many arguments to function _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/virtualization
