[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Questions about PVHv2/HVMlite

To: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Gary R Hook <ghook@xxxxxxx>, <xen-devel@xxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Tue, 16 May 2017 10:36:45 +0100
Delivery-date: Tue, 16 May 2017 09:36:54 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 16/05/17 03:54, Boris Ostrovsky wrote:
>
>>   2) Or, perhaps more importantly, what distinguishes said guest?
>
> Simplifying things a bit, it's an HVM guest that doesn't have device
> model (i.e. qemu) and which is booted directly (i.e. without hvmloader)

The "booted directly" isn't relevant here.

While being able to boot a PVH kernel directly is useful for development
purposes, it is problematic for production purposes.  For production
systems, mounting of the guest filesystem and parsing of the guest
kernel should happen in guest context, rather than dom0 context, to
remove the security attack surfaces present in the PV guest model.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Questions about PVHv2/HVMlite
  - From: Gary R Hook

References:
- [Xen-devel] Questions about PVHv2/HVMlite
  - From: Gary R Hook
- Re: [Xen-devel] Questions about PVHv2/HVMlite
  - From: Boris Ostrovsky

Prev by Date: Re: [Xen-devel] [PATCH 1/3] xen/blkback: fix disconnect while I/Os in flight
Next by Date: Re: [Xen-devel] [PATCH v2 1/3] x86/physdev: factor out the code to allocate and map a pirq
Previous by thread: Re: [Xen-devel] Questions about PVHv2/HVMlite
Next by thread: Re: [Xen-devel] Questions about PVHv2/HVMlite
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.