
Re: [Xen-devel] [PATCH RFC] x86/hvm: unify HVM and PVH hypercall tables.



At 17:53 +0100 on 08 May (1399568036), George Dunlap wrote:
> One thing to consider is that regardless of whether a hypercall is
> safe for HVM guests *if implemented correctly*, every additional
> hypercall exposed increases the risk that an attacker will be able to
> find one which is *not* implemented correctly and be able to take
> advantage of it.

This is true.  My hope is that, in the long run, the code
simplification by merging PVH will be worthwhile.  For some things I
think we'll still want to have flags to turn them off (e.g. qemu, ACPI
emulation, various timers); I'm not sure that there's anything here
that's worth making that kind of exception for. 

> Obviously the *best* solution to that would be Flask, but AFAICT it's
> not very widely used.

Yep.

Cheers,

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

