Re: [Qemu-devel] kvm guest-host separation

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] kvm guest-host separation

From:	Stefan Hajnoczi
Subject:	Re: [Qemu-devel] kvm guest-host separation
Date:	Tue, 21 Apr 2015 14:59:40 +0100
User-agent:	Mutt/1.5.23 (2014-03-12)

On Fri, Apr 17, 2015 at 08:31:47PM +0200, Andrei Bacs wrote:
> I would like to implement some security checks in the qemu user process
> that would monitor the disk I/O of a KVM guest.

You probably need to avoid QEMU's zero-copy disk I/O, depending on the
security checks you are performing.  Otherwise the guest can modify the
contents of I/O buffers while the host is checking them.

What are you trying to do?

Stefan

pgpswgYYHanFP.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] kvm guest-host separation, Andrei Bacs, 2015/04/17
- Re: [Qemu-devel] kvm guest-host separation, Stefan Hajnoczi <=

Prev by Date: Re: [Qemu-devel] [PATCH 1/3] target-arm: Add GIC phandle to VirtBoardInfo
Next by Date: [Qemu-devel] [PATCH] x86: Fix Opteron xlevels
Previous by thread: [Qemu-devel] kvm guest-host separation
Next by thread: [Qemu-devel] [PATCH v6 00/21] block: transactionless incremental backup series
Index(es):
- Date
- Thread