xen-devel

RE: [kvm-devel] [Xen-devel] More virtio users

To: "Arnd Bergmann" <arnd@xxxxxxxx>, kvm-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [kvm-devel] [Xen-devel] More virtio users
From: "Caitlin Bestler" <caitlinb@xxxxxxxxxxxx>
Date: Tue, 12 Jun 2007 16:40:05 -0700
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, virtualization <virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx>
In-reply-to: <200706130007.36437.arnd@xxxxxxxx>
virtualization-bounces@xxxxxxxxxxxxxxxxxxxxxxxxxx wrote:
> On Sunday 10 June 2007, Avi Kivity wrote:
>>> - PCI (or your favorite HW bus) passthrough, for your favorite
>>> oddball device (e.g., crypto-accelerators).
>>> 
>> Won't all high-bandwidth traffic be through dma, bypassing virtio?
> 
> It can be done, but you'd also need a passthrough for the
> IOMMU in that case, and you get a potential security hole: if
> a malicious guest is smart enough to figure out IOMMU
> mappings from the device to memory owned by the host.
> 

If it is possible for a malicious guest to use the IOMMU
to access memory that was not assigned to it then either
the Hypervisor is not really a Hypervisor or the IOMMU
is not really an IOMMU.

The only real difference between enabling DMA and providing
IO buffers is the duration. The security implications are
identical.

