On 2/22/18 11:12 PM, Tian, Kevin wrote:
>> From: Wei Liu
>> Sent: Thursday, February 22, 2018 5:47 AM
>>
>> Hi all
>>
>> At some point I would like to make CONFIG_HVM and CONFIG_PV work.
>> The passthrough code is one of the road blocks for that work.
>
> Can you elaborate the motivation of this change? why does someone
> want to disable HVM or PV logic completely from hypervisor?

I can say I recall advocating for this at Xen Summit in Cambridge. I believe I talked about it in Toronto as well.

There are a number of users of Xen that would certainly want to ship without all the code associated with PV compiled in. Given the nature of design "compromises" in many parts of x86 systems there is certainly a non-zero sum of people that would likely utilize the ability to remove code that doesn't need to be there. I think every individual on this list who has been involved in the security has been in a room of @intel.com folks has seen features vs security win out many times. I don't think it's a hard stretch of the imagination to see people disabling PV in data centers running newer workloads on PVH and HVM only.

I can see the real question being why HVM? That I would say lies with the direction of discretionary access controls in Xen vs mandatory access controls. To solve for the lack of functionality we've grown things like "dmops" and I could certainly see a product like Qubes running only PVH domains in the future.

Since I picked on Qubes I've CC'd Marek.

--
Doug Goldstein
_______________________________________________
Xen-devel mailing list
Xenemail@example.com
https://lists.xenproject.org/mailman/listinfo/xen-devel