[Lguest] [kvm-devel] [RFC PATCH 0/4] Inter-guest virtio I/O example with lguest
Anthony Liguori
anthony at codemonkey.ws
Fri Mar 21 00:55:13 EST 2008
Avi Kivity wrote:
> Rusty Russell wrote:
>
>> Hi all,
>>
>> Just finished my prototype of inter-guest virtio, using networking as an
>> example. Each guest mmaps the other's address space and uses a FIFO for
>> notifications.
>>
>
> Isn't that a security hole (hole? chasm)? If the two guests can access
> each other's memory, they might as well be just one guest, and
> communicate internally.
>
Each guest's host userspace mmaps the other guest's address space. The
userspace then does a copy on both the tx and rx paths.
Conceivably, this could be done as a read-only mapping so that each
guest userspace copies only the rx packets. That's about as secure as
you're going to get with this approach I think.
Regards,
Anthony Liguori
> My feeling is that the host needs to copy the data, using dma if
> available. Another option is to have one guest map the other's memory
> for read and write, while the other guest is unprivileged. This allows
> one privileged guest to provide services for other, unprivileged guests,
> like domain 0 or driver domains in Xen.
>
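To make the copy-through-a-read-only-view scheme described above concrete, here is an added example (not code from the lguest patch set or from anyone in this thread) that models each guest's memory as a file-backed region: the peer's host userspace maps it from an O_RDONLY descriptor, checks that the mapping cannot later be made writable, and copies a packet out after reading the length once and bounds-checking it. The `guest_mem` struct, the temp-file backing and the tx slot layout are assumptions for illustration only.

```c
#define _DEFAULT_SOURCE                      /* mkstemp, ftruncate on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Constructed stand-in for a guest's memory: a temp file its own host process maps read-write. */
#define GUEST_MEM_SIZE 4096
#define TX_OFFSET 64                         /* tx slot: 2-byte length, then payload */
struct guest_mem { char path[32]; uint8_t *base; };
static int guest_mem_create(struct guest_mem *g) {
    int fd = mkstemp(strcpy(g->path, "/tmp/guestmem-XXXXXX"));
    if (fd < 0 || ftruncate(fd, GUEST_MEM_SIZE) < 0) return -1;
    g->base = mmap(NULL, GUEST_MEM_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);                               /* the mapping outlives the fd */
    return g->base == MAP_FAILED ? -1 : 0;
}
/* Peer side: read-only view of the other guest's memory, taken from an O_RDONLY fd. */
static uint8_t *peer_map_readonly(const char *path) {
    int fd = open(path, O_RDONLY); if (fd < 0) return NULL;
    uint8_t *p = mmap(NULL, GUEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0);
    close(fd); return p == MAP_FAILED ? NULL : p;
}
/* With an O_RDONLY fd behind a MAP_SHARED mapping, mprotect(PROT_WRITE) fails with EACCES. */
static int peer_map_is_locked_readonly(uint8_t *peer) {
    return mprotect(peer, GUEST_MEM_SIZE, PROT_READ | PROT_WRITE) != 0 && errno == EACCES;
}
/* rx path: read the length once into a local and bounds-check it; the peer can rewrite it any time. */
static size_t rx_copy(struct guest_mem *me, const uint8_t *peer, size_t rx_off) {
    uint16_t len; memcpy(&len, peer + TX_OFFSET, sizeof len);
    if (len + sizeof len > GUEST_MEM_SIZE - TX_OFFSET || rx_off + len > GUEST_MEM_SIZE) return 0;
    memcpy(me->base + rx_off, peer + TX_OFFSET + sizeof len, len);
    return len;
}
/* Guest A transmits; B's host userspace copies it out through the read-only view. Returns bytes received or -1. */
static long demo(void) {
    static const char pkt[] = "hello";       /* constructed sample packet */
    uint16_t len = sizeof pkt; struct guest_mem a, b; long got = -1;
    if (guest_mem_create(&a) < 0 || guest_mem_create(&b) < 0) return -1;
    memcpy(a.base + TX_OFFSET, &len, sizeof len);            /* A's tx path */
    memcpy(a.base + TX_OFFSET + sizeof len, pkt, len);
    uint8_t *view = peer_map_readonly(a.path);
    if (view && peer_map_is_locked_readonly(view)) {
        size_t n = rx_copy(&b, view, 0);
        if (n == len && memcmp(b.base, pkt, n) == 0) got = (long)n;
    }
    unlink(a.path); unlink(b.path); return got;
}
```

The `mprotect` check is the point of the read-only variant: a writable upgrade is refused by the kernel, not merely avoided by the copying code.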