Julian, Stefan's concerns are valid.
(Hopefully, kernel is harder to exploit and more carefully audited.) On Wed, May 29, 2013 at 9:02 AM, Julian Stecklina <jstec...@os.inf.tu-dresden.de> wrote: > On 05/29/2013 04:21 PM, Stefan Hajnoczi wrote: >> The fact that a single switch process has shared memory access to all >> guests' RAM is critical. If the switch process is exploited, then that >> exposes other guests' data! (Think of a multi-tenant host with guests >> belonging to different users.) > > True. But people don't mind having instruction decoding and half of > virtio in the kernel these days, so it can't be that security critical... > > Julian >