From mboxrd@z Thu Jan 1 00:00:00 1970
From: George Dunlap
Subject: Re: Please review the key 4.4 release docs
Date: Fri, 14 Mar 2014 17:24:41 +0000
Message-ID: <53233B59.8080208@eu.citrix.com>
References: <55E78A57290FB64FA0D3CF672F9F3DA21A7000@SJCPEX01CL03.citrite.net> <531D8BE5.2070607@eu.citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: "Zhang, Yang Z" , Russell Pavlicek , "xen-devel@lists.xen.org"
List-Id: xen-devel@lists.xenproject.org

On 03/11/2014 01:23 AM, Zhang, Yang Z wrote:
> George Dunlap wrote on 2014-03-10:
>> On 03/10/2014 04:27 AM, Zhang, Yang Z wrote:
>>> Russell Pavlicek wrote on 2014-03-10:
>>>> I have done my best to compile the various key release documents
>>>> for the 4.4 release.
>>>>
>>>> All have hyperlinks from the download page:
>>>> http://www.xenproject.org/downloads/xen-archives/supported-xen-44-series/xen-440.html
>>> I thought that we have agreed that we will move the nested
>>> virtualization
>> from experimental to 1.0 or something else in Xen 4.4 release note.
>> But it seems it still in experimental state and there is no mention of
>> it in the release note.
>>
>> Well we discussed it, but there were too many things still missing to
>> call it a properly supported feature: in particular, doubts about how
>> well shadow-on-hap would work, which would be a potential security
> Actually, I'd like to know all potential nested issues and I will try to solve it if possible. But the problem is that I am not clear about those issues that you guys mentioned. Is there any thread talk about them?

I think I was thinking along the lines of what I wrote in this thread:

Msg-ID <52E28EFB.3020008@eu.citrix.com>

It seems there the minimum thing for a "1.0" release is that an L1 admin must not be able to do anything to affect an L0; and things at the moment likely to do so are enabling PoD (and probably also paging) for L2 guests. It's OK if enabling PoD crashes the *L1* hypervisor (because that's under the L1 admin's control); but it must not be allowed to crash / DoS the L0 hypervisor.

 -George

>
>> issue. (On my to-do list is to collect these somewhere so we have a
>> clear set of criteria for moving nested HVM from "tech preview" to
>> "supported".)
> Yes, it makes sense.
>
>> It would be good to put something in the release note, however, to say
>> how much it has progressed. I'll see what I can do.
> Yes, nested was moving forward in last year. It's better to tell this to people since lots of people unaware of this feature.
>
>> -George
>
> Best regards,
> Yang