From: "Colin Walters" <[email protected]>
To: "Stefano Garzarella" <[email protected]>,
"Andy Lutomirski" <[email protected]>
Cc: "Jens Axboe" <[email protected]>, "Christoph Hellwig" <[email protected]>,
"Kees Cook" <[email protected]>,
"Pavel Begunkov" <[email protected]>,
"Miklos Szeredi" <[email protected]>,
"Matthew Wilcox" <[email protected]>,
"Jann Horn" <[email protected]>,
"Christian Brauner" <[email protected]>,
[email protected], [email protected],
"Linux API" <[email protected]>,
"Linux FS Devel" <[email protected]>,
LKML <[email protected]>,
"Michael Kerrisk" <[email protected]>,
"Stefan Hajnoczi" <[email protected]>
Subject: Re: strace of io_uring events?
Date: Thu, 23 Jul 2020 09:37:40 -0400 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <20200721155848.32xtze5ntvcmjv63@steredhat>
On Tue, Jul 21, 2020, at 11:58 AM, Stefano Garzarella wrote:
> my use case concerns virtualization. The idea, that I described in the
> proposal of io-uring restrictions [1], is to share io_uring CQ and SQ queues
> with a guest VM for block operations.
Virtualization being a strong security barrier is in eternal conflict with maximizing performance.
All of these "let's add a special guest/host channel" are high risk areas.
And this effort in particular - is it *really* worth it to expose a brand new, fast moving Linux kernel interface (that probably hasn't been fuzzed as much as it needs to be) to virtual machines?
People who want maximum performance at the cost of a bit of security already have the choice to use Linux containers, where they can use io_uring natively.
next prev parent reply other threads:[~2020-07-23 13:38 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-15 11:12 strace of io_uring events? Miklos Szeredi
2020-07-15 14:35 ` Andy Lutomirski
2020-07-15 17:11 ` Matthew Wilcox
2020-07-15 19:42 ` Pavel Begunkov
2020-07-15 20:09 ` Miklos Szeredi
2020-07-15 20:20 ` Pavel Begunkov
2020-07-15 23:07 ` Kees Cook
2020-07-16 13:14 ` Stefano Garzarella
2020-07-16 15:12 ` Kees Cook
2020-07-17 8:01 ` Stefano Garzarella
2020-07-21 15:27 ` Andy Lutomirski
2020-07-21 15:31 ` Jens Axboe
2020-07-21 17:23 ` Andy Lutomirski
2020-07-21 17:30 ` Jens Axboe
2020-07-21 17:44 ` Andy Lutomirski
2020-07-21 18:39 ` Jens Axboe
2020-07-21 19:44 ` Andy Lutomirski
2020-07-21 19:48 ` Jens Axboe
2020-07-21 19:56 ` Andres Freund
2020-07-21 19:37 ` Andres Freund
2020-07-21 15:58 ` Stefano Garzarella
2020-07-23 10:39 ` Stefan Hajnoczi
2020-07-23 13:37 ` Colin Walters [this message]
2020-07-24 7:25 ` Stefano Garzarella
2020-07-16 13:17 ` Aleksa Sarai
2020-07-16 15:19 ` Kees Cook
2020-07-17 8:17 ` Cyril Hrubis
2020-07-16 16:24 ` Andy Lutomirski
2020-07-16 0:12 ` tytso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d57e169a-55a0-4fa2-a7f2-9a462a786a38@www.fastmail.com \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox