[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Discussion about virtual iommu support for Xen guest

To: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Tue, 7 Jun 2016 11:07:02 +0100 (BST)
Cc: "Lan, Tianyu" <tianyu.lan@xxxxxxxxx>, "yang.zhang.wz@xxxxxxxxx" <yang.zhang.wz@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "Dong, Eddie" <eddie.dong@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>, "anthony.perard@xxxxxxxxxx" <anthony.perard@xxxxxxxxxx>, "ian.jackson@xxxxxxxxxxxxx" <ian.jackson@xxxxxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
Delivery-date: Tue, 07 Jun 2016 10:07:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, 7 Jun 2016, Tian, Kevin wrote:
> > I think of QEMU as a provider of complex, high level emulators, such as
> > the e1000, Cirrus VGA, SCSI controllers, etc., which don't necessarily
> > need to be fast.
> 
> Earlier you said Qemu imposes security issues. Here you said Qemu can 
> still provide complex emulators. Does it mean that security issue in Qemu
> simply comes from the part which should be moved into Xen? Any
> elaboration here?

It imposes security issues because, although it doesn't have to run as
root anymore, QEMU still has to run with fully privileged libxc and
xenstore handles. In other words, a malicious guest breaking into QEMU
would have relatively easy access to the whole host. There is a design
to solve this, see Ian Jackson's talk at FOSDEM this year:

https://fosdem.org/2016/schedule/event/virt_iaas_qemu_for_xen_secure_by_default/
https://fosdem.org/2016/schedule/event/virt_iaas_qemu_for_xen_secure_by_default/attachments/other/921/export/events/attachments/virt_iaas_qemu_for_xen_secure_by_default/other/921/talk.txt

Other solutions to solve this issue are stubdoms or simply using PV
guests and HVMlite guests only.

Irrespective of the problematic security angle, which is unsolved, I
think of QEMU as a provider of complex emulators, as I wrote above.

Does it make sense?

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Discussion about virtual iommu support for Xen guest
  - From: Tian, Kevin

References:
- Re: [Xen-devel] Discussion about virtual iommu support for Xen guest
  - From: Lan, Tianyu
- Re: [Xen-devel] Discussion about virtual iommu support for Xen guest
  - From: Andrew Cooper
- Re: [Xen-devel] Discussion about virtual iommu support for Xen guest
  - From: Tian, Kevin
- Re: [Xen-devel] Discussion about virtual iommu support for Xen guest
  - From: Andrew Cooper
- Re: [Xen-devel] Discussion about virtual iommu support for Xen guest
  - From: Stefano Stabellini
- Re: [Xen-devel] Discussion about virtual iommu support for Xen guest
  - From: Tian, Kevin

Prev by Date: [Xen-devel] [xen-4.5-testing test] 95333: regressions - FAIL
Next by Date: Re: [Xen-devel] [RFC] xen/arm: build: add missed dependency for head.S
Previous by thread: Re: [Xen-devel] Discussion about virtual iommu support for Xen guest
Next by thread: Re: [Xen-devel] Discussion about virtual iommu support for Xen guest
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.