From: Fam Zheng
Subject: Re: How does kvm achieve an 'advanced' process separation
Date: Thu, 29 Jan 2015 17:38:28 +0800
Message-ID: <20150129093828.GA15046@ad.nay.redhat.com>
To: Kun Cheng
Cc: kvm@vger.kernel.org

On Thu, 01/29 16:51, Kun Cheng wrote:
> Hey guys,

Hi!

> That might be a dumb question, but currently I find myself unable to
> clearly explain it to others. As we all know how CPU and memory are
> virtualised, and how the memory address space is translated using the
> shadow page table or EPT, that creates an individual running space for
> each VM. However, as each VM process is essentially a Linux process,
> how are they unable to do IPC among themselves?
>
> I tried to answer that question, but I was not confident about my explanation.
>
> Here's what I thought about.
>
> First, VMMs like Xen or KVM support virtualised OSes (paravirtualised
> or hardware-assisted virtualised). An OS provides IPC mechanisms but
> cannot itself use them to communicate with another OS. Although they run
> in guest machines which are essentially the host's processes, they still
> cannot do IPC with others.
>
> Second, each VM process runs in an individual virtualised platform;
> it's the only OS running dominantly on its own virtualised resources,
> so it's unable to be aware of others.
> (But as each VM process has its PID, their processes have the
> potential to do IPC if another one's PID is notified?)
>
> Finally, the question can be described as: how does KVM enhance the
> process isolation to prevent those VM processes from doing IPC with each
> other?
Unlike a normal process on the host OS, a VM doesn't have any access to
host OS resources, except those that are intentionally "virtualized", such
as CPU, memory and IO devices: basically all of which have a behavior that
resembles real hardware. IPC, in contrast, is usually supported by an OS in
the form of system calls, which is a totally different category of
resources or functions that is not "virtualized" by the hypervisor, thus it
is essentially not exposed to the guest. The hypervisor makes sure that the
guest doesn't see the existence of the host process where the guest lives
at all - it doesn't need to know, nor should it. In order to communicate
with the outside, the guest has to use only whatever is provided to it -
specifically, IO devices, be it a paravirtualized NIC or an emulated USB
device.

> I also notice that KVM seems to benefit from cgroups, is that
> contributing to the isolation?

It's not the fundamental of virtualization, although it could possibly be
utilized in some cases to enforce the isolation.

Hope that helps.

Fam

> I hope someone could give me a perfect answer. However, any useful
> reply is appreciated.