RE: [kvm-devel] [Xen-devel] More virtio users
virtualization-bounces@xxxxxxxxxxxxxxxxxxxxxxxxxx wrote:
> On Sunday 10 June 2007, Avi Kivity wrote:
>>> - PCI (or your favorite HW bus) passthrough, for your favorite
>>> oddball device (e.g., crypto-accelerators).
>>>
>> Won't all high-bandwidth traffic be through dma, bypassing virtio?
>
> It can be done, but you'd also need a passthrough for the
> IOMMU in that case, and you get a potential security hole: if
> a malicious guest is smart enough to figure out IOMMU
> mappings from the device to memory owned by the host.
>

If it is possible for a malicious guest to use the IOMMU to access
memory that was not assigned to it then either the Hypervisor is
not really a Hypervisor or the IOMMU is not really an IOMMU.

The only real difference between enabling DMA and providing IO
buffers is the duration. The security implications are identical.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel