On 16/05/17 03:54, Boris Ostrovsky wrote:
>
>> 2) Or, perhaps more importantly, what distinguishes said guest?
>
> Simplifying things a bit, it's an HVM guest that doesn't have device
> model (i.e. qemu) and which is booted directly (i.e. without hvmloader)

The "booted directly" isn't relevant here.

While being able to boot a PVH kernel directly is useful for development purposes, it is problematic for production purposes. For production systems, mounting of the guest filesystem and parsing of the guest kernel should happen in guest context, rather than dom0 context, to remove the security attack surfaces present in the PV guest model.

~Andrew