DPDK patches and discussions
* [dpdk-dev] ivshmem is secure or not ? why ?
@ 2016-04-22  7:55 Yangyongqiang (Tony, Shannon)
  2016-04-22  9:58 ` Mauricio Vásquez
  0 siblings, 1 reply; 3+ messages in thread
From: Yangyongqiang (Tony, Shannon) @ 2016-04-22  7:55 UTC (permalink / raw)
  To: dev; +Cc: huangyongtao (A)

From http://dpdk.org/doc/guides/prog_guide/ivshmem_lib.html, I get this: different VMs can use different metadata, so different VMs can have different memory shared with the host.

For example:
If vm1 shares MZ1 with the host, and vm2 shares MZ2 with the host, then vm1 cannot look at MZ2. If this is true, then I think ivshmem is secure.

But the "9.3. Best Practices for Writing IVSHMEM Applications" section says: "While the IVSHMEM library tries to share as little memory as possible, it is quite probable that data designated for one VM might also be present in an IVSMHMEM device designated for another VM."

I cannot understand why this insecurity happened; can anyone explain this for me?

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] ivshmem is secure or not ? why ?
  2016-04-22  7:55 [dpdk-dev] ivshmem is secure or not ? why ? Yangyongqiang (Tony, Shannon)
@ 2016-04-22  9:58 ` Mauricio Vásquez
  2016-04-23  0:44   ` [dpdk-dev] Reply: " Yangyongqiang (Tony, Shannon)
  0 siblings, 1 reply; 3+ messages in thread
From: Mauricio Vásquez @ 2016-04-22  9:58 UTC (permalink / raw)
  To: Yangyongqiang (Tony, Shannon); +Cc: dev, huangyongtao (A)

Hello Yangyongqiang,

On Fri, Apr 22, 2016 at 9:55 AM, Yangyongqiang (Tony, Shannon) <
yangyongqiang@huawei.com> wrote:

> From http://dpdk.org/doc/guides/prog_guide/ivshmem_lib.html,  I get this
> : different vms can use different metadatas, so different vms can have
> different memory shared with host.
>
> For example:
> If vm1 shares MZ1 with host, and vm2 shares MZ2 with host, then vm1 can
> not look MZ2.  If this is true, then I think ivshmem is secured.
>

It is not true. In order to share a memzone, the current implementation of
ivshmem shares the whole hugepages that contain that memzone, then, in the
case MZ1 and MZ2 are in the same hugepage, both guests could access both
memory zones.


>
> But "9.3. Best Practices for Writing IVSHMEM Applications"section say :
> "While the IVSHMEM library tries to share as little memory as possible, it
> is quite probable that data designated for one VM might also be present in
> an IVSMHMEM device designated for another VM. "
>
> *         I can not understand why this insecurity
> happened, can anyone explain this for me ?
>

Mauricio Vasquez,

^ permalink raw reply	[flat|nested] 3+ messages in thread
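
The hugepage-granularity sharing described in the reply above can be checked against a planned memory layout. The following is an added example, not part of the original thread and not DPDK code: `struct zone`, the 2 MB hugepage size and all addresses are constructed assumptions used to model which memzones end up reachable from another VM's device.

```c
#include <stdint.h>
#include <stdio.h>

#define HUGEPAGE_SZ (2ULL << 20) /* assumption: 2 MB hugepages */

/* Hypothetical model of a memzone owned by one VM (not a DPDK struct). */
struct zone { const char *name; int vm; uint64_t addr, len; };

static uint64_t first_page(const struct zone *z) { return z->addr / HUGEPAGE_SZ; }
static uint64_t last_page(const struct zone *z) { return (z->addr + z->len - 1) / HUGEPAGE_SZ; }

/* Sharing `own` maps every hugepage it touches into own->vm's device, so
 * `other` is reachable when the two hugepage ranges intersect. */
static int exposes(const struct zone *own, const struct zone *other)
{
    return own->vm != other->vm &&
           first_page(other) <= last_page(own) &&
           first_page(own) <= last_page(other);
}

/* Count ordered pairs where one VM's shared pages hold another VM's zone. */
static int count_exposures(const struct zone *z, int n, int verbose)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < n; j++)
            if (exposes(&z[i], &z[j])) {
                hits++;
                if (verbose)
                    printf("  vm%d via %s also maps %s (vm%d)\n",
                           z[i].vm, z[i].name, z[j].name, z[j].vm);
            }
    return hits;
}

/* Constructed layouts (addresses are offsets into hugepage memory). */
static const struct zone packed[] = {   /* both zones inside hugepage 0 */
    { "MZ1", 1, 0x00000, 0x10000 }, { "MZ2", 2, 0x10000, 0x10000 } };
static const struct zone straddle[] = { /* MZ1 crosses into hugepage 1 */
    { "MZ1", 1, HUGEPAGE_SZ - 0x1000, 0x2000 }, { "MZ2", 2, HUGEPAGE_SZ + 0x100000, 0x1000 } };
static const struct zone separate[] = { /* one hugepage per VM */
    { "MZ1", 1, 0, 0x10000 }, { "MZ2", 2, HUGEPAGE_SZ, 0x10000 } };

int main(void)
{
    printf("packed: %d\n", count_exposures(packed, 2, 1));
    printf("straddle: %d\n", count_exposures(straddle, 2, 1));
    printf("separate: %d\n", count_exposures(separate, 2, 1));
    return 0;
}
```

In this model only the layout that keeps each VM's zones on hugepages of their own reports zero cross-VM exposures; zones that are not adjacent are still exposed when one of them straddles a hugepage boundary.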

* [dpdk-dev] Reply:  ivshmem is secure or not ? why ?
  2016-04-22  9:58 ` Mauricio Vásquez
@ 2016-04-23  0:44   ` Yangyongqiang (Tony, Shannon)
  0 siblings, 0 replies; 3+ messages in thread
From: Yangyongqiang (Tony, Shannon) @ 2016-04-23  0:44 UTC (permalink / raw)
  To: Mauricio Vásquez; +Cc: dev, huangyongtao (A)

Thank you, Vasquez

I get it: the metadata is only used by VMs for finding this MZ or ring within the whole hugepages.

From: Mauricio Vásquez [mailto:mauricio.vasquezbernal@studenti.polito.it]
Sent: April 22, 2016 17:58
To: Yangyongqiang (Tony, Shannon)
Cc: dev@dpdk.org; huangyongtao (A)
Subject: Re: [dpdk-dev] ivshmem is secure or not ? why ?

Hello Yangyongqiang,

On Fri, Apr 22, 2016 at 9:55 AM, Yangyongqiang (Tony, Shannon) <yangyongqiang@huawei.com> wrote:
From http://dpdk.org/doc/guides/prog_guide/ivshmem_lib.html,  I get this : different vms can use different metadatas, so different vms can have different memory shared with host.

For example:
If vm1 shares MZ1 with host, and vm2 shares MZ2 with host, then vm1 can not look MZ2.  If this is true, then I think ivshmem is secured.

It is not true. In order to share a memzone, the current implementation of ivshmem shares the whole hugepages that contain that memzone, then, in the case MZ1 and MZ2 are in the same hugepage, both guest could access both memory zones.


But "9.3. Best Practices for Writing IVSHMEM Applications"section say : "While the IVSHMEM library tries to share as little memory as possible, it is quite probable that data designated for one VM might also be present in an IVSMHMEM device designated for another VM. "

*         I can not understand why this insecurity happened, can anyone explain this for me ?

Mauricio Vasquez,

^ permalink raw reply	[flat|nested] 3+ messages in thread
