>>> On 01.02.16 at 16:14, <yu.c.zh...@linux.intel.com> wrote: > But I still do not quite understand. :) > If tool stack can guarantee the validity of a parameter, > under which circumstances will hypervisor be threatened?
At least in disaggregated environments the hypervisor cannot trust the (parts of the) tool stack(s) living outside of Dom0. But even without disaggregation in mind it is bad practice to have the hypervisor assume the tool stack will only pass sane values. Just at the example of the param you're introducing: You don't even do the validation in libxc, so any (theoretical) tool stack no based on xl/libxl would not be guaranteed to pass a sane value. And even if you moved it into libxc, one could still argue that there could an even more theoretical tool stack not even building on top of libxc. Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
