| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
RE: [Xen-devel] problem with netfront.c
Ian Pratt <mailto:m+Ian.Pratt@xxxxxxxxxxxx> wrote:
>>> Using grant tables, the front end doesn't need to know about machine
>>> addresses, and the whole thing ends up rather cleaner, particulary
>>> for domains running with virtualized VMs.
>> Yes, there do have security problem to use machine address in
>> netfront.
>
> It's not actually a security problem, but using mfns is a bit ugly.
>
I mean for a full-virtualization domain, if the guest can map any mfn to its
pfn,
it will not be secure.
I have a quick look at the grant table, Is the main point that put the mfn to
the table and
get an id, and then give other domain an id, so the other domain is allowed to
map that mfn?
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Xen-devel] problem with netfront.c, Ling, Xiaofeng
- RE: [Xen-devel] problem with netfront.c, Ian Pratt
- RE: [Xen-devel] problem with netfront.c, Ling, Xiaofeng
- RE: [Xen-devel] problem with netfront.c, Ian Pratt
- RE: [Xen-devel] problem with netfront.c, Ling, Xiaofeng
- RE: [Xen-devel] problem with netfront.c, Ian Pratt
- RE: [Xen-devel] problem with netfront.c, Ian Pratt
- RE: [Xen-devel] problem with netfront.c,
Ling, Xiaofeng <=
- RE: [Xen-devel] problem with netfront.c, Ian Pratt
|
|
|
| |
|
Home