[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] KVM call minutes for Feb 8
|
From: |
Gleb Natapov |
|
Subject: |
Re: [Qemu-devel] KVM call minutes for Feb 8 |
|
Date: |
Thu, 10 Feb 2011 12:10:04 +0200 |
On Thu, Feb 10, 2011 at 11:00:50AM +0100, Anthony Liguori wrote:
> On 02/10/2011 10:07 AM, Gleb Natapov wrote:
> >So what if it is easier, it doesn't mean it is correct thing to do.
>
> If we spend the next 10 years trying to do the "correct thing" for
> some arbitrary definition of correct, that's not terribly useful.
Changing direction by 180 every 2 years even less useful.
>
> It's really simple actually. Let's do the least clever thing and
> model how hardware actual works. Once we have that, we can try to
> be better than real hardware (if it's possible).
I think out understanding on how HW actually works is very different.
You are placing to much value on were device resides physically, for me
it is completely unimportant detail. Not worth even mentioning.
>
> >
> >>If all composition is done through a factory interface, it doesn't.
> >>But my main argument here is that we shouldn't try to make all
> >>composition done through a factory interface--only where it makes
> >>sense.
> >>
> >>So very concretely, I'm suggesting we do the following to target-i386:
> >>
> >>1) make the i440fx device have an embedded ide controller, piix3,
> >>and usb controller that get initialized automatically. The piix3
> >>embeds the PCI-to-ISA bridge along with all of the default ISA
> >>devices (rtc, serial, etc.).
> >This may be a problem even from security point of view. What if usb code
> >(ide, serial, parallel) has guest exploitable bug? Currently I can happily
> >continue running guests if they do not need affected subsystem. If we'll
> >get it your way I will no longer be able to do so.
>
> qemu -device i440fx,ide=off
>
So you still need to support arbitrary composition. What's the
difference? So why do you like -device i440fx over what we have now?
In current speak you propose will be implement by using i440fx machine
type. Qdev will build it for you.
> If you really care to do this. But this desire to remove devices is
> silly IMHO. Concerns about security are misplaced. If you have to
> change the way a guest is invoked in order to eliminate security
> problems, then there's something seriously wrong.
>
No I do not. I do not create guest with unneeded devices from the
beginning.
--
Gleb.
- Re: [Qemu-devel] KVM call minutes for Feb 8, (continued)
- Re: [Qemu-devel] KVM call minutes for Feb 8, Anthony Liguori, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Peter Maydell, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Gleb Natapov, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Anthony Liguori, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Peter Maydell, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Scott Wood, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Peter Maydell, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Scott Wood, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Gleb Natapov, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Anthony Liguori, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8,
Gleb Natapov <=
- Re: [Qemu-devel] KVM call minutes for Feb 8, Anthony Liguori, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Gleb Natapov, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Anthony Liguori, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Gleb Natapov, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Avi Kivity, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Gleb Natapov, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Anthony Liguori, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Avi Kivity, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Gleb Natapov, 2011/02/10
- Re: [Qemu-devel] KVM call minutes for Feb 8, Anthony Liguori, 2011/02/10