On 09/11/2012 01:07 PM, Laine Stump wrote:
* On the guest, these two network devices with matching MAC addresses
are put together into a bond interface, with an extra driver that causes
the bond to prefer the pci-passthrough device when it is present. So,
under normal circumstances *all* traffic goes through the
pci-passthrough device.
* At migration time, since guests with attached pci-passthrough devices
can't be migrated, the pci-passthrough device (which is found by
searching the hostdev array for items with the "ephemeral" flag set) is
detached. This reduces the bond interface on the guest to only having
the virtio-net device, so traffic now passes through that device - it's
slower, but connectivity is maintained.
And if this is the case, it means that 1) the guest must be aware that
it is virtualized, and 2) can detect when it is being migrated. The
ideal virtualization is one where the guest doesn't have to be aware
of anything, but the goal of this patch is not ideal guest behavior, so
much as faster performance by explicitly making virtualization a leaky
interface where the guest has to cooperate.
Assuming I'm correct, does that have any security implications on the
host? Or are we okay even if the guest is malicious, because the worst
the guest can do is use the slower interface rather than the faster
pci-passthrough device?
I have other questions beyond that, but either don't understand the code
enough yet to verbalize them, or will ask them next to the associated code.
Seconded :)
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org