xen-devel

RE: [Xen-devel] problem with netfront.c

To: "Ling, Xiaofeng" <xiaofeng.ling@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] problem with netfront.c
From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
Date: Mon, 4 Apr 2005 13:42:19 +0100
 
> > It's not actually a security problem, but using mfns is a bit ugly.
> > 
> I mean for a full-virtualization domain, if the guest can map 
> any mfn to its pfn, it will not be secure. 

It can't unless the fully virtualized domain is fully privileged, which
it shouldn't be.

> I had a quick look at the grant table. Is the main point 
> that you put the mfn into the table and get an id, and then give 
> the other domain the id, so the other domain is allowed to map that mfn?

Yes, that's how it works.

Thanks,
Ian
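
A simplified model of the grant-table flow confirmed in the reply above, added here as an illustration; it is not part of the original message and is not Xen's code. The structure layout, function names and error codes are hypothetical. It shows why handing out a reference is safer than letting a guest name a raw mfn: the map request is checked against what the granter published.

```c
#include <stdint.h>

/* Simplified model only: all names and codes are hypothetical, not Xen's ABI. */
#define NR_GRANTS   8
#define GRANT_INUSE 1u
#define GRANT_RO    2u

struct grant_entry {
    uint16_t flags;   /* GRANT_INUSE, optionally GRANT_RO */
    uint16_t domid;   /* the only domain allowed to use this entry */
    uint32_t mfn;     /* machine frame the granter is sharing */
};

/* One table per granting domain; consulted on every map request. */
struct grant_table { struct grant_entry e[NR_GRANTS]; };

/* Granter side: publish (peer, mfn) and get back a small integer reference. */
int grant_access(struct grant_table *t, uint16_t peer, uint32_t mfn, int readonly)
{
    for (int ref = 0; ref < NR_GRANTS; ref++) {
        if (t->e[ref].flags & GRANT_INUSE) continue;
        t->e[ref].domid = peer;
        t->e[ref].mfn = mfn;
        t->e[ref].flags = GRANT_INUSE | (readonly ? GRANT_RO : 0);
        return ref;
    }
    return -1;  /* table full */
}

/* Hypervisor side: the mapper names a reference, never a raw mfn.
 * Returns 0 and writes *mfn_out only if the entry authorizes this caller. */
int map_grant(const struct grant_table *t, uint16_t caller, int ref,
              int want_write, uint32_t *mfn_out)
{
    if (ref < 0 || ref >= NR_GRANTS) return -1;         /* out of range */
    const struct grant_entry *g = &t->e[ref];
    if (!(g->flags & GRANT_INUSE)) return -2;           /* nothing granted */
    if (g->domid != caller) return -3;                  /* granted to another domain */
    if (want_write && (g->flags & GRANT_RO)) return -4; /* read-only grant */
    *mfn_out = g->mfn;
    return 0;
}

int main(void)
{
    struct grant_table t = {0};                /* constructed sample table */
    uint32_t mfn = 0;
    int ref = grant_access(&t, 2, 0x1a2b, 1);  /* share a frame with domain 2, read-only */
    return map_grant(&t, 2, ref, 0, &mfn);     /* domain 2 maps it by reference */
}
```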
