[dpdk-dev] ivshmem is secure or not ? why ?

Yangyongqiang (Tony, Shannon) yangyongqiang at huawei.com
Fri Apr 22 09:55:41 CEST 2016


>From http://dpdk.org/doc/guides/prog_guide/ivshmem_lib.html,  I get this : different vms can use different metadatas, so different vms can have different memory shared with host.

For example:
If vm1 shares MZ1 with host, and vm2 shares MZ2 with host, then vm1 can not look MZ2.  If this is true, then I think ivshmem is secured.

But "9.3. Best Practices for Writing IVSHMEM Applications"section say : "While the IVSHMEM library tries to share as little memory as possible, it is quite probable that data designated for one VM might also be present in an IVSMHMEM device designated for another VM. "

*         I can not understand why this insecurity<javascript:void(0);> happened, can anyone explain this for me ?


More information about the dev mailing list