On 11/02/2010 11:31 AM, Gerd Hoffmann wrote:
Hi,
(BTW, I noticed that Xenner does not limit guest segments like Xen does.
Does it mean the guest can overwrite the Xenner kernel and effectively
run ring0?)
Yes. The guest also can modify page tables as it pleases. It is the
vmx/svm container which protects the host, not the xenner kernel.
Yes, got it. I was trying to understand exactly which parts are
guest-facing (the answer is "everything") and which are only
xenner-facing (and here the answer is "none" :)).
Paolo
