On Thursday 20 March 2008 17:54:45 Avi Kivity wrote: > Rusty Russell wrote: > > Hi all, > > > > Just finished my prototype of inter-guest virtio, using networking as > > an example. Each guest mmaps the other's address space and uses a FIFO > > for notifications. > > Isn't that a security hole (hole? chasm)? If the two guests can access > each other's memory, they might as well be just one guest, and > communicate internally. Sorry, sloppy language on my part. Each launcher process maps the other guest's memory as well: ie. copying occurs in the host. > My feeling is that the host needs to copy the data, using dma if > available. Another option is to have one guest map the other's memory > for read and write, while the other guest is unprivileged. This allows > one privileged guest to provide services for other, unprivileged guests, > like domain 0 or driver domains in Xen. One having privilege is possible, even trivial with the current patch (it's actually doing a completely generic inter-virtio-ring shuffle). I chose the symmetrical approach for this demo for no particularly good reason. Cheers, Rusty. _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/virtualization
