Re: [Xen-devel] [PATCH 28/28] libxl: xsrestrict QEMU

[Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>]

Ian Campbell writes ("Re: [PATCH 28/28] libxl: xsrestrict QEMU"):
> On Tue, 2015-12-22 at 18:45 +0000, Ian Jackson wrote:
> > If QEMU supports xsrestrict, pass xsrestrict=on to it (by default).
> > 
> > XXX We need to do this only if xenstored supports it, and AFAICT there
> > is not a particularly easy way to test this.  Should we open a new
> > test xenstore connection to query this information ?  We could do this
> > once per libxl ctx.
> 
> Is this because the support is in oxenstored ^ cxenstored?

Yes.

> Otherwise I would argue that the toolstack should expect the xenstored to
> be at least as new as it is.

True.

> > * libxl__xs_directory on /physmap
> >   This is safe.
> 
> Potentially very many entries and hence a big return array? Are the guest
> quotas sufficient to not worry about this?

Yes, the quota has to deal with that anyway (since the directory is in
core in xenstored, anyway).

> Perhaps we should add a code comment to each of these places noting that
> the values are guest controlled, since it is a bit more unexpected in this
> case than e.g. frontend dirs.

This is a good idea.

> > +Information about an HVM domain's physical memory map.  This is
> > +written as well as read by device models which may run at the same
> > +privilege level of the guest domain.  When the device model ruus with
> 
> "runs"

Fixed, thanks.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel