[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] problem with netfront.c


  • To: "Ling, Xiaofeng" <xiaofeng.ling@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
  • Date: Mon, 4 Apr 2005 13:42:19 +0100
  • Delivery-date: Mon, 04 Apr 2005 12:42:28 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: AcU39PebD2/thBv+Rdms3itvtFiuwQAPExGgAAL3ilAAA/XnwAADDtQwAAG+UBAAJxrJIAAFut8g
  • Thread-topic: [Xen-devel] problem with netfront.c

 
> > It's not actually a security problem, but using mfns is a bit ugly.
> > 
> I mean for a full-virtualization domain, if the guest can map 
> any mfn to its pfn, it will not be secure. 

It can't unless the fully virtualized domain is fully privileged, which
it shouldn't be.

> I have a quick look at the grant table, Is the main point 
> that put the mfn to the table and get an id, and then give 
> other domain an id, so the other domain is allowed to map that mfn?

Yes, that's how it works.

Thanks,
Ian

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.