Re: [Xen-devel] [PATCH v3 4/4] x86/PV: enable the emulated PIT

[Andrew Cooper <andrew.cooper3@xxxxxxxxxx>]

On 18/01/16 11:06, Jan Beulich wrote:
>> Which gets us to the second, broader issue: These flags shouldn't
>> be forced to a particular value during migration, but instead they
>> should be part of the state getting migrated. Incoming domains
>> then would - if the field is missing due to coming from an older
>> hypervisor - have the flag default to 1.
>>>> There is sadly another ratsnest here.
>>> I've been afraid of that.
>>>
>>>> These values are needed for domain creation, which means that putting
>>>> them anywhere in the migration stream is already too late, as the domain
>>>> has been created before the stream header is read.
>>> Is that an inherent requirement, or just a result of current code
>>> structure?
>> Depends.  As far as libxc/libxl migration levels go, current code structure.
> I.e. fixable.
>
>> Whatever (eventually) gets used to set these values will however be
>> present in the xl configuration, which is at the very start of the
>> stream, and is what is used to create the new domain.
> Which makes me repeat the question: Is this an inherent property
> or just "that's the way it is right now"? And then of course the
> question arises whether setting those flags at domain creation time
> is the right model. I.e. ...
>
>> We really don't want the libxc migrate code to be making the
>> DOMCTL_createdomain hypercall itself; it opens up a whole new attack
>> surface via cunningly-crafted save image.  The best we can do is have a
>> sanity check later on.
> ... what about deriving the emulation flags from the various
> pieces of state getting loaded, at least when there are matching
> pairs (which namely is the case for PIT)?

How would you suggest setting theses flags up in the plain domain build
case then?

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel