| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Sep 2013 14:33:55 +0100 From: Stefano Stabellini <stefano.stabellini@...citrix.com> To: "Michael S. Tsirkin" <mst@...hat.com> CC: Wei Liu <wei.liu2@...rix.com>, <qianhuibin@...wei.com>, KVM list <kvm@...r.kernel.org>, <likunyun@...wei.com>, <netdev@...r.kernel.org>, <jasowang@...hat.com>, "xen-devel@...ts.xen.org" <xen-devel@...ts.xen.org>, <liuyongan@...wei.com>, <liuyingdong@...wei.com>, <wangfuhai@...wei.com>, Anthony Liguori <anthony@...emonkey.ws>, Qin Chuanyu <qinchuanyu@...wei.com> Subject: Re: [Xen-devel] Is fallback vhost_net to qemu for live migrate available? On Tue, 3 Sep 2013, Michael S. Tsirkin wrote: > On Tue, Sep 03, 2013 at 09:40:48AM +0100, Wei Liu wrote: > > On Tue, Sep 03, 2013 at 09:28:11AM +0800, Qin Chuanyu wrote: > > > On 2013/9/2 15:57, Wei Liu wrote: > > > >On Sat, Aug 31, 2013 at 12:45:11PM +0800, Qin Chuanyu wrote: > > > >>On 2013/8/30 0:08, Anthony Liguori wrote: > > > >>>Hi Qin, > > > >> > > > >>>>By change the memory copy and notify mechanism ,currently virtio-net with > > > >>>>vhost_net could run on Xen with good performance。 > > > >>> > > > >>>I think the key in doing this would be to implement a property > > > >>>ioeventfd and irqfd interface in the driver domain kernel. Just > > > >>>hacking vhost_net with Xen specific knowledge would be pretty nasty > > > >>>IMHO. > > > >>> > > > >>Yes, I add a kernel module which persist virtio-net pio_addr and > > > >>msix address as what kvm module did. Guest wake up vhost thread by > > > >>adding a hook func in evtchn_interrupt. > > > >> > > > >>>Did you modify the front end driver to do grant table mapping or is > > > >>>this all being done by mapping the domain's memory? > > > >>> > > > >>There is nothing changed in front end driver. Currently I use > > > >>alloc_vm_area to get address space, and map the domain's memory as > > > >>what what qemu did. > > > >> > > > > > > > >You mean you're using xc_map_foreign_range and friends in the backend to > > > >map guest memory? That's not very desirable as it violates Xen's > > > >security model. It would not be too hard to pass grant references > > > >instead of guest physical memory address IMHO. > > > > > > > In fact, I did what virtio-net have done in Qemu. I think security > > > is a pseudo question because Dom0 is under control. Right, but we are trying to move the backends out of Dom0, for scalability and security. Setting up a network driver domain is pretty easy and should work out of the box with Xen 4.3. That said, I agree that using xc_map_foreign_range is a good way to start. > > Consider that you might have driver domains. Not every domain is under > > control or trusted. > > I don't see anything that will prevent using driver domains here. Driver domains are not privileged, therefore cannot map random guest pages (unless they have been granted by the guest via the grant table). xc_map_foreign_range can't work from a driver domain. > > Also consider that security model like XSM can be > > used to audit operations to enhance security so your foreign mapping > > approach might not always work. > > It could be nice to have as an option, sure. > XSM is disabled by default though so I don't think lack of support for > that makes it a prototype. There are some security aware Xen based products in the market today that use XSM.
Powered by blists - more mailing lists