[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH XEN] tools: Update files examples PV&PVH with pygrub.

  • To: Alexandre GRIVEAUX <agriveaux@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Juergen Gross <jgross@xxxxxxxx>
  • Date: Wed, 14 Jan 2026 08:51:50 +0100
  • Authentication-results: smtp-out1.suse.de; none
  • Autocrypt: addr=jgross@xxxxxxxx; keydata= xsBNBFOMcBYBCACgGjqjoGvbEouQZw/ToiBg9W98AlM2QHV+iNHsEs7kxWhKMjrioyspZKOB ycWxw3ie3j9uvg9EOB3aN4xiTv4qbnGiTr3oJhkB1gsb6ToJQZ8uxGq2kaV2KL9650I1SJve dYm8Of8Zd621lSmoKOwlNClALZNew72NjJLEzTalU1OdT7/i1TXkH09XSSI8mEQ/ouNcMvIJ NwQpd369y9bfIhWUiVXEK7MlRgUG6MvIj6Y3Am/BBLUVbDa4+gmzDC9ezlZkTZG2t14zWPvx XP3FAp2pkW0xqG7/377qptDmrk42GlSKN4z76ELnLxussxc7I2hx18NUcbP8+uty4bMxABEB AAHNH0p1ZXJnZW4gR3Jvc3MgPGpncm9zc0BzdXNlLmNvbT7CwHkEEwECACMFAlOMcK8CGwMH CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCw3p3WKL8TL8eZB/9G0juS/kDY9LhEXseh mE9U+iA1VsLhgDqVbsOtZ/S14LRFHczNd/Lqkn7souCSoyWsBs3/wO+OjPvxf7m+Ef+sMtr0 G5lCWEWa9wa0IXx5HRPW/ScL+e4AVUbL7rurYMfwCzco+7TfjhMEOkC+va5gzi1KrErgNRHH kg3PhlnRY0Udyqx++UYkAsN4TQuEhNN32MvN0Np3WlBJOgKcuXpIElmMM5f1BBzJSKBkW0Jc Wy3h2Wy912vHKpPV/Xv7ZwVJ27v7KcuZcErtptDevAljxJtE7aJG6WiBzm+v9EswyWxwMCIO RoVBYuiocc51872tRGywc03xaQydB+9R7BHPzsBNBFOMcBYBCADLMfoA44MwGOB9YT1V4KCy vAfd7E0BTfaAurbG+Olacciz3yd09QOmejFZC6AnoykydyvTFLAWYcSCdISMr88COmmCbJzn sHAogjexXiif6ANUUlHpjxlHCCcELmZUzomNDnEOTxZFeWMTFF9Rf2k2F0Tl4E5kmsNGgtSa aMO0rNZoOEiD/7UfPP3dfh8JCQ1VtUUsQtT1sxos8Eb/HmriJhnaTZ7Hp3jtgTVkV0ybpgFg w6WMaRkrBh17mV0z2ajjmabB7SJxcouSkR0hcpNl4oM74d2/VqoW4BxxxOD1FcNCObCELfIS auZx+XT6s+CE7Qi/c44ibBMR7hyjdzWbABEBAAHCwF8EGAECAAkFAlOMcBYCGwwACgkQsN6d 1ii/Ey9D+Af/WFr3q+bg/8v5tCknCtn92d5lyYTBNt7xgWzDZX8G6/pngzKyWfedArllp0Pn fgIXtMNV+3t8Li1Tg843EXkP7+2+CQ98MB8XvvPLYAfW8nNDV85TyVgWlldNcgdv7nn1Sq8g HwB2BHdIAkYce3hEoDQXt/mKlgEGsLpzJcnLKimtPXQQy9TxUaLBe9PInPd+Ohix0XOlY+Uk QFEx50Ki3rSDl2Zt2tnkNYKUCvTJq7jvOlaPd6d/W0tZqpyy7KVay+K4aMobDsodB3dvEAs6 ScCnh03dDAFgIq5nsB11j3KPKdVoPlfucX2c7kGNH+LUMbzqV6beIENfNexkOfxHfw==
  • Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Wed, 14 Jan 2026 07:52:00 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 14.01.26 08:43, Jürgen Groß wrote:

On 14.01.26 08:26, Alexandre GRIVEAUX wrote:

Le 13/01/2026 à 07:15, Juergen Gross a écrit :

On 12.01.26 23:44, Alexandre GRIVEAUX wrote:

Update files exemples PV&PVH for non direct kernel boot with pygrub.

Signed-off-by: Alexandre GRIVEAUX <agriveaux@xxxxxxxxxxxx>
---
  tools/examples/xlexample.pvhlinux | 3 +++
  tools/examples/xlexample.pvlinux  | 3 +++
  2 files changed, 6 insertions(+)
diff --git a/tools/examples/xlexample.pvhlinux b/tools/examples/ xlexample.pvhlinux 
index 18305b80af..2bdd43c2c5 100644
--- a/tools/examples/xlexample.pvhlinux
+++ b/tools/examples/xlexample.pvhlinux
@@ -25,6 +25,9 @@ kernel = "/boot/vmlinuz"
  # Kernel command line options
  extra = "root=/dev/xvda1"
  +# Enable to use a grub2 emulation inside guest instead of direct kernel boot. 

I don't think this is correct.

pygrub is running in dom0, not in the guest.


Juergen


Hello,
I doesn't understand your reply, yes pygrub is running on the Dom0, and this goal is to behave like there is a grub2 on the DomU. 

Yes. This is why I don't like the wording "inside guest", which is just not
true.

Please be aware that we are trying to phase out pygrub, as it widens the
attack surface of dom0 from a guest. pygrub needs to look into guest
controlled file systems, so any bug in the related code (e.g. failure to
handle a corrupted or maliciously modified file system) might result in
security issues like code injection.

So I'm on the edge whether we really should make it easier to use pygrub.


One further note:

The only real advantage of pygrub is its ability to determine whether to
create a 32- or 64-bit PV guest depending on the kernel selected.

As 32-bit PV mode isn't supported by the Linux kernel since several years now,
this feature of pygrub is mostly interesting for very few legacy guests which
can be used with 32- OR 64-bit PV kernels.

For most use cases it is much better to use the PV or PVH variant of grub2,
which will really run inside the guest.


Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.