-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, Jan 12, 2018 at 02:41:02PM -0800, Vít Šesták wrote:
> The XSA mentions PV-in-PVH workaround, the QSB does not. Why Qubes does not 
> go this way? Is it due to the timeline of releasing the patch? At first 
> sight, it looks like a more general solution – it might be applicable even 
> for VMs with PCI devices. (At least, the XSA does not mention such 
> limitations and the limitation in Qubes AFAIK arises just from limitation on 
> Linux kernel, not from Xen.)

There are two shims: PV-in-HVM aka Vixen and PV-in-PVH aka Comet. Both
have limitations making them incompatible (or at least suboptimal) in
Qubes:

Vixen:
 - memory ballooning not supported
 - qemu running in dom0

Comet:
 - PCI passthrough not supported (as this is not supported by PVH)
 - require more extensive changes to Xen and toolstack, done for 4.10
   only (yet)

> BTW, the table seems to be incorrect about stubdomains in Qubes 3.2. It looks 
> like some stubdomains are removed (“Stub domains - VMs w/o PCI devices” is PV 
> in 3.2 and N/A in 3.2+.). In 3.2, the stubdomain is not used unless user 
> explicitly requires full virtualization, and it is going to be the same.

Indeed, the table is about generic/default VMs. If one choose HVM, it
will have PV stubdomain, regardless of Qubes version. We'll clarify
this.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlpZdRkACgkQ24/THMrX
1yyg7gf/UpyKcKdvyZOewnauQ4F+l2Q5L6+MG1Nkti3XepitKDG16pjaHYC9Uvbj
Wpc6GyA9osG7rFLLaF1dfP4FljhphEu7BxFfSTVzQBxuCRZurqEhT+HxO+WdQmrH
RdFehdn748XKWA6OGRQcT2YVCCIXJ6GIrk2LWIZzeMrBX66pBAKmNNDLlo/1uYOq
C4ArUjkVq/jdBbfssnVcObjQOWQNpL9r8K390DJQKPM8gAA9n+X+wrzOPjuSaV4I
Dlj5+KX50pZLa5fOtksq0UiWoyQYC7ebBv/5kBUddbUdm1ToWYoihw26sjRD9jmF
VuXKXNJuJCk3jBMBadHDpiH0hxg8Dw==
=zEhr
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180113025521.GA18591%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Reply via email to