>>> On 18.01.16 at 17:10, <andrew.coop...@citrix.com> wrote: > On 18/01/16 11:06, Jan Beulich wrote: >>> Whatever (eventually) gets used to set these values will however be >>> present in the xl configuration, which is at the very start of the >>> stream, and is what is used to create the new domain. >> Which makes me repeat the question: Is this an inherent property >> or just "that's the way it is right now"? And then of course the >> question arises whether setting those flags at domain creation time >> is the right model. I.e. ... >> >>> We really don't want the libxc migrate code to be making the >>> DOMCTL_createdomain hypercall itself; it opens up a whole new attack >>> surface via cunningly-crafted save image. The best we can do is have a >>> sanity check later on. >> ... what about deriving the emulation flags from the various >> pieces of state getting loaded, at least when there are matching >> pairs (which namely is the case for PIT)? > > How would you suggest setting theses flags up in the plain domain build > case then?
Via a specific (new) hypercall, along the lines of what XEN_DOMCTL_arm_configure_domain was? Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
