[PATCH RFC v2 00/13] IOMMUFD Generic interface

Jason Gunthorpe jgg at nvidia.com
Thu Sep 22 14:13:42 UTC 2022


On Thu, Sep 22, 2022 at 12:06:33PM +0100, Daniel P. Berrangé wrote:

> So per-user locked mem accounting looks like a regression in
> our VM isolation abilities compared to the per-task accounting.

For this kind of API the management app needs to put each VM in its
own user, which I'm a bit surprised it doesn't already do as a further
protection against cross-process concerns.

The question here is how do we provide enough compatibility for this
existing methodology while still closing the security holes and
inconsistencies that exist in the kernel implementation.

Jason


