Arnd Bergmann wrote:
It can shoot not only its foot, but anything the monitor's uid has
access to. Host files, the host network, other guests belonging to the
user, etc.
Yes, that's what I meant. It's obviously nicer if the guest can't do that,
but it's a tradeoff of the potential security impact against on how hard
it is to implement hiding the addresses you don't want your guest to see.
To put it into other words, do you want the optimal performance, or the
optimal security?
Well, isolation is one of the most significant features of full
virtualization, both for security and reliability. I don't think we can
compromise that.
It's worse than I thouht: tlb entries generated by guest accesses are
tagged with the guest virtual address, to if you remove a guest
physical/host virtual page you need to invalidate the entire guest tlb.
Ok, so it's the HW's fault. They either copied bad or decided doing the
s390 approach was too expensive.
x86 tradition is to make all possible mistakes before getting a working
solution.
--
error compiling committee.c: too many arguments to function
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
