[Lguest] [kvm-devel] [RFC PATCH 0/4] Inter-guest virtio I/O example with lguest

[Avi Kivity]

Anthony Liguori wrote:
> Avi Kivity wrote:
>> Rusty Russell wrote:
>>  
>>> Hi all,
>>>
>>>    Just finished my prototype of inter-guest virtio, using 
>>> networking as an example.  Each guest mmaps the other's address 
>>> space and uses a FIFO for notifications.
>>>
>>>       
>>
>> Isn't that a security hole (hole? chasm)?  If the two guests can 
>> access each other's memory, they might as well be just one guest, and 
>> communicate internally.
>>   
>
> Each guest's host userspace mmaps the other guest's address space.  
> The userspace then does a copy on both the tx and rx paths.
>

Well, that's better security-wise (I'd still prefer to avoid it, so we 
can run each guest under a separate uid), but then we lose performance wise.

> Conceivably, this could be done as a read-only mapping so that each 
> guest userspace copies only the rx packets.  That's about as secure as 
> you're going to get with this approach I think.
>

Maybe we can terminate the virtio queue in the host kernel as a pipe, 
and splice pipes together.

That gives us guest-guest and guest-process communications, and if you 
use aio the kernel can use a dma engine for the copy.

-- 
error compiling committee.c: too many arguments to function