Re: [Publicity] Blog-post RFC: Hardening Xen against VENOM-style attacks
On 14 May 2015, at 11:59, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx> wrote:
>
> On Thu, 14 May 2015, George Dunlap wrote:
>> On 05/14/2015 11:39 AM, Anil Madhavapeddy wrote:
>>> Yeah... it's worth noting that unikernels like MirageOS or HaLVM never use
>>> the x86 device emulation and so require a far easier to audit hypervisor
>>> TCB that doesn't involve qemu.
>>>
>>> Also, is it worth mentioning why the qemu stub domain isn't the default?
>>> Is it all compiled and installed in most of the hypervisor distributions on
>>> Ubuntu/CentOS/etc? I don't think even XenServer uses qemu stub domains,
>>> although that might have changed in the recent release.
>>
>> Well the main reason is that qemu-upstream doesn't work with stub
>> domains yet. Anthony worked on it for what, a year? He got pretty far
>> but there are just a lot of thorny issues to deal with.
>
> To be fair, there are also other reasons: memory overhead, number of
> domains doubling, and the additional complexity of having 2 QEMUs for
> each domain (there is still one QEMU in Dom0 running for each guest,
> although it just provides the PV backends).
>

Perhaps just noting some of the downsides in the blog post would be a
little more balanced. Right now it just instructs users to go hassle
their cloud provider, who will bounce right back to xen-devel with these
sorts of questions :-)

-a