WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH, v2] add privileged/unprivileged kernel feature i

To: "Ian Campbell" <Ian.Campbell@xxxxxxxxxxxxx>, "Keir Fraser" <keir@xxxxxxx>
Subject: Re: [Xen-devel] [PATCH, v2] add privileged/unprivileged kernel feature indication
From: "Jan Beulich" <JBeulich@xxxxxxxxxx>
Date: Thu, 21 Jul 2011 10:01:40 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 21 Jul 2011 02:11:27 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CA4DA6F3.2F9C9%keir@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4E27FC7A020000780004EBE6@xxxxxxxxxxxxxxxxxxxx> <CA4DA6F3.2F9C9%keir@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
>>> On 21.07.11 at 10:50, Keir Fraser <keir@xxxxxxx> wrote:
> On 21/07/2011 09:16, "Jan Beulich" <JBeulich@xxxxxxxxxx> wrote:
> 
>>> You say it is a Linux notion that dom0 implies domU but I am not aware
>>> of any PV OS which supports dom0 that doesn't also support domU, do you
>>> have specific examples of OSes which are dom0-only?
>> 
>> No, I'm not aware of any existing ones, but I also wasn't in favor of
>> the move to imply unprivileged capabilities when Linux is configured
>> as privileged guest (iirc this wasn't the case from the very beginning).
>> 
>> And again, imo an interface like the hypervisor's shouldn't dictate any
>> kind of policy on the guest OSes.
> 
> My own issue with the unprivileged flag is that I'm not clear what it
> actually means. When would you *not* set it? I mean it looks in the Linux
> side you set it unconditionally right now. What's the point? Why not remove
> the flag and introduce it when we have good reason and can attach meaningful
> semantics to it?

Again - you're talking about an actual guest side implementation (which,
in this particular case, has to honor how the rest of the implementation
is done, i.e. it has to set the flag unconditionally). I'm talking about an
abstract interface definition that should suit everyone (existing as well
as yet to come).

> There we are, we're two against one now ;-)

Still hoping you both get my point. If not, I'll have to give in without
being convinced.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>