From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from compass.polito.it (compass.polito.it [130.192.55.110]) by dpdk.org (Postfix) with ESMTP id 3CE3D2C16 for ; Fri, 22 Apr 2016 11:58:02 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by compass.polito.it (Postfix) with ESMTP id 0929210013B for ; Fri, 22 Apr 2016 11:58:02 +0200 (CEST) Authentication-Results: compass.polito.it (amavisd-new); dkim=pass (1024-bit key) reason="pass (just generated, assumed good)" header.d=studenti.polito.it DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= studenti.polito.it; h=content-type:content-type:cc:to:from:from :subject:subject:message-id:date:date:references:in-reply-to :received:mime-version:received:received:received; s=y2k10; t= 1461319080; bh=nOYldDmV1YEIIM5ZfKgGcUwdvBTT6xZKKJgn186zoUs=; b=b 52tdBQ4u+el10R35kmrjkgGZXzDNf4KFRx3C5gjvJOqs/S1guhORGkSEnE4JDZSU xOedDoCPDUV/587XY14AVCSxuftbV5kRnDOaEDXJWrOeFcQyKX1bBPyWefL+L/UY Pi0FuryRlEh1OabcjZJIflTWDcCYJDKlpQbWoiUWcs= X-Virus-Scanned: amavisd-new at studenti.polito.it X-Spam-Flag: NO X-Spam-Score: -5.844 X-Spam-Level: X-Spam-Status: No, score=-5.844 tagged_above=-100 required=3.5 tests=[ALL_TRUSTED=-5, AWL=0.655, BAYES_00=-1.5, HTML_MESSAGE=0.001] autolearn=ham Received: from compass.polito.it ([127.0.0.1]) by localhost (compass.polito.it [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id R5qnk98eTp7d for ; Fri, 22 Apr 2016 11:58:00 +0200 (CEST) Received: from mail-lf0-f43.google.com (mail-lf0-f43.google.com [209.85.215.43]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: s203403@studenti.polito.it) by compass.polito.it (Postfix) with ESMTPSA id 9382510011D for ; Fri, 22 Apr 2016 11:58:00 +0200 (CEST) Received: by mail-lf0-f43.google.com with SMTP id c126so76331988lfb.2 for ; Fri, 22 Apr 2016 02:58:00 -0700 (PDT) X-Gm-Message-State: AOPr4FX3ZQ3lU9WU2h/Ugn30P0EUEwkEubbI5piw9B1RgKo206wqjw+vOQzFm8YZFZgZby8hd6tWhPEX0A8jnA== MIME-Version: 1.0 X-Received: by 10.25.39.80 with SMTP id n77mr8271049lfn.98.1461319080167; Fri, 22 Apr 2016 02:58:00 -0700 (PDT) Received: by 10.25.4.200 with HTTP; Fri, 22 Apr 2016 02:58:00 -0700 (PDT) In-Reply-To: <3E257BB0E1F99A41843FB9EE242C420392A09915@nkgeml514-mbx.china.huawei.com> References: <3E257BB0E1F99A41843FB9EE242C420392A09915@nkgeml514-mbx.china.huawei.com> Date: Fri, 22 Apr 2016 11:58:00 +0200 X-Gmail-Original-Message-ID: Message-ID: From: =?UTF-8?Q?Mauricio_V=C3=A1squez?= To: "Yangyongqiang (Tony, Shannon)" Cc: "dev@dpdk.org" , "huangyongtao (A)" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-dev] ivshmem is secure or not ? why ? X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2016 09:58:02 -0000 Hello Yangyongqiang, On Fri, Apr 22, 2016 at 9:55 AM, Yangyongqiang (Tony, Shannon) < yangyongqiang@huawei.com> wrote: > From http://dpdk.org/doc/guides/prog_guide/ivshmem_lib.html, I get this > : different vms can use different metadatas, so different vms can have > different memory shared with host. > > For example: > If vm1 shares MZ1 with host, and vm2 shares MZ2 with host, then vm1 can > not look MZ2. If this is true, then I think ivshmem is secured. > It is not true. In order to share a memzone, the current implementation of ivshmem shares the whole hugepages that contain that memzone, then, in the case MZ1 and MZ2 are in the same hugepage, both guest could access both memory zones. > > But "9.3. Best Practices for Writing IVSHMEM Applications"section say : > "While the IVSHMEM library tries to share as little memory as possible, it > is quite probable that data designated for one VM might also be present in > an IVSMHMEM device designated for another VM. " > > * I can not understand why this insecurity > happened, can anyone explain this for me ? > Mauricio Vasquez,