From: Stefano Stabellini <sstabellini@kernel.org>
To: George Dunlap <george.dunlap@citrix.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
Andrii Anisov <andrii_anisov@epam.com>,
Volodymyr Babchuk <vlad.babchuk@gmail.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Dario Faggioli <dario.faggioli@citrix.com>,
Tim Deegan <tim@xen.org>, Xen Devel <xen-devel@lists.xen.org>,
Julien Grall <julien.grall@arm.com>,
Jan Beulich <JBeulich@suse.com>, Wei Liu <wei.liu2@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Artem Mygaiev <joculator@gmail.com>
Subject: Re: Modules support in Xen (WAS: Re: [ARM] Native application design and discussion (I hope))
Date: Fri, 12 May 2017 11:43:07 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.10.1705121132240.24729@sstabellini-ThinkPad-X260> (raw)
In-Reply-To: <CAFLBxZZVQS+9w-HNP-maukXMe0A3de=4QWhU8WB4x=J0NCHNqQ@mail.gmail.com>
On Fri, 12 May 2017, George Dunlap wrote:
> So given your examples, I see no reason not to have several
> implementations of different mediators or emulated devices in tree, or
> in a XenProject-managed git repo (like mini-os.git). I don't know the
> particulars about mediators or the devices you have in mind, but if
> you can show technical reasons why they need to be run in the
> hypervisor rather than somewhere else (for performance or security
> sake, for instance), there's no reason in principle not to add them to
> the hypervisor code; and if they're in the hypervisor, then they
> should be in xen.git.
On the topic of the technical reasons for being out of the hypervisor
(EL0 app or stubdom), I'll spend a couple of words on security.
How large are these components? If they increase the hypervisor code
size too much, it's best if they are run elsewhere.
What is their guest-exposed attack surface? If it's large it's best to
run them out of the hypervisor.
My gut feeling is that both these points might be a problem.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-05-12 18:43 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-06 20:21 [ARM] Native application design and discussion (I hope) Volodymyr Babchuk
2017-04-06 21:31 ` Stefano Stabellini
2017-04-07 11:03 ` Volodymyr Babchuk
2017-04-07 23:36 ` Stefano Stabellini
2017-04-11 20:32 ` Stefano Stabellini
2017-04-12 18:13 ` Dario Faggioli
2017-04-12 19:17 ` Stefano Stabellini
2017-04-20 20:20 ` Volodymyr Babchuk
2017-04-21 14:42 ` Andrii Anisov
2017-04-21 15:49 ` Julien Grall
2017-04-21 16:08 ` Volodymyr Babchuk
2017-04-21 16:20 ` Andrii Anisov
2017-04-21 20:58 ` Stefano Stabellini
2017-04-21 21:17 ` Stefano Stabellini
2017-04-24 16:56 ` Andrii Anisov
2017-04-24 18:08 ` Stefano Stabellini
2017-04-25 10:15 ` Andrii Anisov
2017-05-05 10:51 ` Andrii Anisov
2017-05-05 19:28 ` Stefano Stabellini
2017-05-08 10:46 ` George Dunlap
2017-05-08 18:31 ` Stefano Stabellini
2017-05-08 18:33 ` Julien Grall
2017-05-09 8:53 ` George Dunlap
2017-05-10 16:38 ` Andrii Anisov
2017-05-09 10:13 ` Dario Faggioli
2017-05-09 10:32 ` Julien Grall
2017-05-09 11:08 ` Dario Faggioli
2017-05-09 11:19 ` Julien Grall
2017-05-09 18:29 ` Stefano Stabellini
2017-05-10 9:56 ` George Dunlap
2017-05-10 10:00 ` Julien Grall
2017-05-10 10:03 ` George Dunlap
2017-05-10 10:48 ` Julien Grall
2017-05-10 17:37 ` Volodymyr Babchuk
2017-05-10 18:05 ` Stefano Stabellini
2017-05-10 19:04 ` Julien Grall
2017-05-11 10:07 ` Julien Grall
2017-05-11 11:28 ` Volodymyr Babchuk
2017-05-10 18:08 ` Andrii Anisov
2017-05-10 18:24 ` Stefano Stabellini
2017-05-11 15:19 ` Volodymyr Babchuk
2017-05-11 15:35 ` Modules support in Xen (WAS: Re: [ARM] Native application design and discussion (I hope)) Julien Grall
2017-05-11 16:35 ` George Dunlap
2017-05-11 17:14 ` Volodymyr Babchuk
2017-05-11 17:20 ` George Dunlap
2017-05-11 17:53 ` Lars Kurth
2017-05-11 17:14 ` George Dunlap
2017-05-11 17:16 ` George Dunlap
2017-05-11 18:13 ` Volodymyr Babchuk
2017-05-12 11:48 ` George Dunlap
2017-05-12 18:43 ` Stefano Stabellini [this message]
2017-05-12 19:04 ` Volodymyr Babchuk
2017-05-15 11:21 ` George Dunlap
2017-05-15 17:32 ` Stefano Stabellini
2017-05-11 18:04 ` Stefano Stabellini
2017-05-11 18:39 ` Volodymyr Babchuk
2017-05-05 11:09 ` [ARM] Native application design and discussion (I hope) Andrii Anisov
2017-04-24 19:11 ` Julien Grall
2017-04-24 21:41 ` Volodymyr Babchuk
2017-04-25 11:43 ` Julien Grall
2017-04-26 21:44 ` Volodymyr Babchuk
2017-04-27 17:26 ` Volodymyr Babchuk
2017-05-02 12:52 ` Julien Grall
2017-05-02 12:42 ` Julien Grall
2017-04-25 8:52 ` Andrii Anisov
2017-04-21 15:57 ` Julien Grall
2017-04-21 16:16 ` Volodymyr Babchuk
2017-04-21 16:47 ` Julien Grall
2017-04-21 17:04 ` Volodymyr Babchuk
2017-04-21 17:38 ` Julien Grall
2017-04-21 18:35 ` Volodymyr Babchuk
2017-04-24 11:00 ` Julien Grall
2017-04-24 21:29 ` Volodymyr Babchuk
2017-04-21 21:24 ` Stefano Stabellini
2017-04-24 16:14 ` Andrii Anisov
2017-04-24 16:46 ` Andrii Anisov
2017-04-27 15:25 ` George Dunlap
2017-05-02 12:45 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.10.1705121132240.24729@sstabellini-ThinkPad-X260 \
--to=sstabellini@kernel.org \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=andrii_anisov@epam.com \
--cc=dario.faggioli@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=joculator@gmail.com \
--cc=julien.grall@arm.com \
--cc=tim@xen.org \
--cc=vlad.babchuk@gmail.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.