[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xen-devel] problem with netfront.c
Ian Pratt <mailto:m+Ian.Pratt@xxxxxxxxxxxx> wrote: >>> Using grant tables, the front end doesn't need to know about machine >>> addresses, and the whole thing ends up rather cleaner, particulary >>> for domains running with virtualized VMs. >> Yes, there do have security problem to use machine address in >> netfront. > > It's not actually a security problem, but using mfns is a bit ugly. > I mean for a full-virtualization domain, if the guest can map any mfn to its pfn, it will not be secure. I have a quick look at the grant table, Is the main point that put the mfn to the table and get an id, and then give other domain an id, so the other domain is allowed to map that mfn? _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |