On Mon, 17 Feb 2020 19:21:50 +0100
Boris Brezillon <[email protected]> wrote:

> > > That's why I don't like the new virtio device idea much and would prefer
> > > vhost being reused, either directly (#1) or via proxy (#2).
> > 
> > For crosvm's purposes, we are looking at ways to reduce vhost usage in
> > order to reduce host kernel exposure to untrusted guest input,
> > including from the guest kernel. That is why a non-vhost based
> > solution would be preferred.
> 
> Okay, I didn't know you were avoiding vhost-based solutions to
> reduce the attack surface.

Looks like they implemented vhost-less vsock in Firecracker[1]. Not
sure how much work that would be to port this implementation to crosvm,
but maybe that's an option.

[1] https://github.com/firecracker-microvm/firecracker/pull/1176
