[Qemu-devel] [PATCH 5/6] Vhost-pci RFC: Future Security Enhancement
From: Wei Wang
Date: Sun, 29 May 2016 07:36:34 +0800

Signed-off-by: Wei Wang <address@hidden>
---
FutureWorks | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 FutureWorks
diff --git a/FutureWorks b/FutureWorks
new file mode 100644
index 0000000..210edcd
--- /dev/null
+++ b/FutureWorks
@@ -0,0 +1,21 @@
+The vhost-pci design is currently suitable for a group of VMs who trust each
+other. To extend it to a more general use case, two security features can be
+added in the future.
+
+1 vIOMMU
+vIOMMU provides the driver VM with the ability to restrict the device VM to
+transiently access a specified portion of its memory. The vhost-pci design
+proposed in this RFC can be extended to access the driver VM's memory with
+vIOMMU. Precisely, the vIOMMU engine in the driver VM configures access
+permissions (R/W) for the vhost-pci device to access its memory. More details
+can be found at https://wiki.opnfv.org/display/kvm/Vm2vm+Mst and
+https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg03993.html
+
+2 eptp switching
+The idea of eptp swithing allows a vhost-pci device driver to access the mapped
+driver VM's memory in an alternative view, where only a piece of trusted code
+can access the driver VM's memory. More details can be found at
+http://events.linuxfoundation.org/sites/events/files/slides/
+Jun_Nakajima_NFV_KVM%202015_final.pdf
+
+
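Review bot: The opening paragraph says the design suits "a group of VMs who trust each other" but never states what the device VM can reach in the driver VM today, so the reader cannot tell what the two proposed features actually narrow; add one sentence on the current exposure before section 1. In section 1, "transiently access a specified portion of its memory" leaves open who revokes the mapping and when, which is the part a reviewer of the isolation claim needs. In section 2, "swithing" should be "switching", and "eptp" is better written as EPTP and expanded once (EPT pointer). The slides URL in section 2 is split across two `+` lines and cannot be followed as written; keep it on one line even if that exceeds the wrap width. The file also ends with two blank `+` lines that git will flag as blank lines at EOF; drop them.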
--
1.8.3.1