[5/6] Vhost-pci RFC: Future Security Enhancement

Message ID	1464478595-146533-6-git-send-email-wei.w.wang@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org> From: Wei Wang <wei.w.wang@intel.com> To: kvm@vger.kernel.org, qemu-devel@nongnu.org, virtio-comment@lists.oasis-open.org, virtio-dev@lists.oasis-open.org, mst@redhat.com, stefanha@redhat.com, pbonzini@redhat.com Date: Sun, 29 May 2016 07:36:34 +0800 Message-Id: <1464478595-146533-6-git-send-email-wei.w.wang@intel.com> In-Reply-To: <1464478595-146533-1-git-send-email-wei.w.wang@intel.com> References: <1464478595-146533-1-git-send-email-wei.w.wang@intel.com> Subject: [Qemu-devel] [PATCH 5/6] Vhost-pci RFC: Future Security Enhancement Precedence: list Cc: Wei Wang <wei.w.wang@intel.com> Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Message ID

1464478595-146533-6-git-send-email-wei.w.wang@intel.com (mailing list archive)

State

New, archived

Headers

From: Wei Wang <wei.w.wang@intel.com>
To: kvm@vger.kernel.org, qemu-devel@nongnu.org,
	virtio-comment@lists.oasis-open.org, virtio-dev@lists.oasis-open.org, 
	mst@redhat.com, stefanha@redhat.com, pbonzini@redhat.com
Date: Sun, 29 May 2016 07:36:34 +0800
Message-Id: <1464478595-146533-6-git-send-email-wei.w.wang@intel.com>
In-Reply-To: <1464478595-146533-1-git-send-email-wei.w.wang@intel.com>
References: <1464478595-146533-1-git-send-email-wei.w.wang@intel.com>
Subject: [Qemu-devel] [PATCH 5/6] Vhost-pci RFC: Future Security Enhancement
Precedence: list
Cc: Wei Wang <wei.w.wang@intel.com>
Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Commit Message

Wang, Wei W May 28, 2016, 11:36 p.m. UTC

Signed-off-by: Wei Wang <wei.w.wang@intel.com>
---
 FutureWorks | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 FutureWorks

diff --git a/FutureWorks b/FutureWorks
new file mode 100644
index 0000000..210edcd
--- /dev/null
+++ b/FutureWorks
@@ -0,0 +1,21 @@ 
+The vhost-pci design is currently suitable for a group of VMs who trust each
+other. To extend it to a more general use case, two security features can be
+added in the future.
+
+1 vIOMMU
+vIOMMU provides the driver VM with the ability to restrict the device VM to
+transiently access a specified portion of its memory. The vhost-pci design
+proposed in this RFC can be extended to access the driver VM's memory with
+vIOMMU. Precisely, the vIOMMU engine in the driver VM configures access
+permissions (R/W) for the vhost-pci device to access its memory. More details
+can be found at https://wiki.opnfv.org/display/kvm/Vm2vm+Mst and
+https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg03993.html
+
+2 eptp switching
+The idea of eptp swithing allows a vhost-pci device driver to access the mapped
+driver VM's memory in an alternative view, where only a piece of trusted code
+can access the driver VM's memory. More details can be found at
+http://events.linuxfoundation.org/sites/events/files/slides/
+Jun_Nakajima_NFV_KVM%202015_final.pdf
+
+

[5/6] Vhost-pci RFC: Future Security Enhancement

Commit Message

Patch