-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, Jan 12, 2018 at 02:41:02PM -0800, Vít Šesták wrote: > The XSA mentions PV-in-PVH workaround, the QSB does not. Why Qubes does not > go this way? Is it due to the timeline of releasing the patch? At first > sight, it looks like a more general solution – it might be applicable even > for VMs with PCI devices. (At least, the XSA does not mention such > limitations and the limitation in Qubes AFAIK arises just from limitation on > Linux kernel, not from Xen.)
There are two shims: PV-in-HVM aka Vixen and PV-in-PVH aka Comet. Both have limitations making them incompatible (or at least suboptimal) in Qubes: Vixen: - memory ballooning not supported - qemu running in dom0 Comet: - PCI passthrough not supported (as this is not supported by PVH) - require more extensive changes to Xen and toolstack, done for 4.10 only (yet) > BTW, the table seems to be incorrect about stubdomains in Qubes 3.2. It looks > like some stubdomains are removed (“Stub domains - VMs w/o PCI devices” is PV > in 3.2 and N/A in 3.2+.). In 3.2, the stubdomain is not used unless user > explicitly requires full virtualization, and it is going to be the same. Indeed, the table is about generic/default VMs. If one choose HVM, it will have PV stubdomain, regardless of Qubes version. We'll clarify this. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlpZdRkACgkQ24/THMrX 1yyg7gf/UpyKcKdvyZOewnauQ4F+l2Q5L6+MG1Nkti3XepitKDG16pjaHYC9Uvbj Wpc6GyA9osG7rFLLaF1dfP4FljhphEu7BxFfSTVzQBxuCRZurqEhT+HxO+WdQmrH RdFehdn748XKWA6OGRQcT2YVCCIXJ6GIrk2LWIZzeMrBX66pBAKmNNDLlo/1uYOq C4ArUjkVq/jdBbfssnVcObjQOWQNpL9r8K390DJQKPM8gAA9n+X+wrzOPjuSaV4I Dlj5+KX50pZLa5fOtksq0UiWoyQYC7ebBv/5kBUddbUdm1ToWYoihw26sjRD9jmF VuXKXNJuJCk3jBMBadHDpiH0hxg8Dw== =zEhr -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180113025521.GA18591%40mail-itl. For more options, visit https://groups.google.com/d/optout.