I am interested in the implications of using HVMs. I know about the 
introduced need of some CPU features, some changes under-the-hood and 
potentially better compatibility. But I am interested in some others:

1. What will change about performance and memory-usage characteristics? I 
believe there will be just small (and maybe even positive) performance 
difference for CPU/RAM-related tasks. The difference for I/O will probably be 
rather low if any. There might be some differences for PCI latency, but I am 
unsure about them. Start of a VM will probably take slightly longer, because of 
the need of the stubdom. RAM usage will be also somewhat (how much?) higher 
because of the stubdom.

2. Security implications. When an attacker has a QEMU 0day, HVM fails as a 
counter-measure against PV-related vulnerabilities. In such case, the attack 
scenario is even larger (both PV-only and HVM-only Xen vulnerabilities can be 
used). I remember you mentioned an idea about killing the stubdom in an early 
phase of the boot (probably even before mounting /rw), which would somehow 
mitigate some (most?) attacks. As a nice side-effect, it would also lower the 
memory usage. What's the current state of this countermeasure? 

Regards,
Vít Šesták 'v6ak'
