|
| From: | Anthony Liguori |
| Subject: | Re: [Qemu-devel] KVM call minutes for Feb 8 |
| Date: | Thu, 10 Feb 2011 11:00:50 +0100 |
| User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101027 Lightning/1.0b1 Thunderbird/3.0.10 |
On 02/10/2011 10:07 AM, Gleb Natapov wrote:
So what if it is easier, it doesn't mean it is correct thing to do.
If we spend the next 10 years trying to do the "correct thing" for some arbitrary definition of correct, that's not terribly useful.
It's really simple actually. Let's do the least clever thing and model how hardware actual works. Once we have that, we can try to be better than real hardware (if it's possible).
If all composition is done through a factory interface, it doesn't. But my main argument here is that we shouldn't try to make all composition done through a factory interface--only where it makes sense. So very concretely, I'm suggesting we do the following to target-i386: 1) make the i440fx device have an embedded ide controller, piix3, and usb controller that get initialized automatically. The piix3 embeds the PCI-to-ISA bridge along with all of the default ISA devices (rtc, serial, etc.).This may be a problem even from security point of view. What if usb code (ide, serial, parallel) has guest exploitable bug? Currently I can happily continue running guests if they do not need affected subsystem. If we'll get it your way I will no longer be able to do so.
qemu -device i440fx,ide=offIf you really care to do this. But this desire to remove devices is silly IMHO. Concerns about security are misplaced. If you have to change the way a guest is invoked in order to eliminate security problems, then there's something seriously wrong.
Regards, Anthony Liguori
| [Prev in Thread] | Current Thread | [Next in Thread] |