From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <yangyongqiang@huawei.com>
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [119.145.14.65])
 by dpdk.org (Postfix) with ESMTP id BA5B52946
 for <dev@dpdk.org>; Fri, 22 Apr 2016 09:55:56 +0200 (CEST)
Received: from 172.24.1.50 (EHLO nkgeml414-hub.china.huawei.com)
 ([172.24.1.50])
 by szxrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued)
 with ESMTP id DFV35038; Fri, 22 Apr 2016 15:55:51 +0800 (CST)
Received: from NKGEML514-MBX.china.huawei.com ([fe80::40a8:f0d:c0f3:2ca5]) by
 nkgeml414-hub.china.huawei.com ([10.98.56.75]) with mapi id
 14.03.0235.001; Fri, 22 Apr 2016 15:55:42 +0800
From: "Yangyongqiang (Tony, Shannon)" <yangyongqiang@huawei.com>
To: "dev@dpdk.org" <dev@dpdk.org>
CC: "huangyongtao (A)" <huangyongtao1@huawei.com>
Thread-Topic: ivshmem is secure or not ? why ?
Thread-Index: AdGca1AMFvDm2FP9Tzaw3SOAavDWXg==
Date: Fri, 22 Apr 2016 07:55:41 +0000
Message-ID: <3E257BB0E1F99A41843FB9EE242C420392A09915@nkgeml514-mbx.china.huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.111.96.118]
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
 refid=str=0001.0A020202.5719D908.0055, ss=1, re=0.000, recu=0.000, reip=0.000,
 cl=1, cld=1, fgs=0, ip=0.0.0.0,
 so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 8f3026d3a151fb4c33eb097ddbbc9585
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: [dpdk-dev] ivshmem is secure or not ? why ?
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Apr 2016 07:55:59 -0000

>>From http://dpdk.org/doc/guides/prog_guide/ivshmem_lib.html,  I get this : =
different vms can use different metadatas, so different vms can have differ=
ent memory shared with host.

For example:
If vm1 shares MZ1 with host, and vm2 shares MZ2 with host, then vm1 can not=
 look MZ2.  If this is true, then I think ivshmem is secured.

But "9.3. Best Practices for Writing IVSHMEM Applications"section say : "Wh=
ile the IVSHMEM library tries to share as little memory as possible, it is =
quite probable that data designated for one VM might also be present in an =
IVSMHMEM device designated for another VM. "

*         I can not understand why this insecurity<javascript:void(0);> hap=
pened, can anyone explain this for me ?