[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] problem with netfront.c

  • To: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: "Ling, Xiaofeng" <xiaofeng.ling@xxxxxxxxx>
  • Date: Mon, 4 Apr 2005 18:06:31 +0800
  • Delivery-date: Mon, 04 Apr 2005 10:04:42 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: AcU39PebD2/thBv+Rdms3itvtFiuwQAPExGgAAL3ilAAA/XnwAADDtQwAAG+UBAAJxrJIA==
  • Thread-topic: [Xen-devel] problem with netfront.c

Ian Pratt <mailto:m+Ian.Pratt@xxxxxxxxxxxx> wrote:
>>> Using grant tables, the front end doesn't need to know about machine
>>> addresses, and the whole thing ends up rather cleaner, particulary
>>> for domains running with virtualized VMs.
>> Yes, there do have security problem to use machine address in
>> netfront.
> 
> It's not actually a security problem, but using mfns is a bit ugly.
> 
I mean for a full-virtualization domain, if the guest can map any mfn to its 
pfn,
it will not be secure. 
I have a quick look at the grant table, Is the main point that put the mfn to 
the table and
get an id, and then give other domain an id, so the other domain is allowed to 
map that mfn?



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.