From mboxrd@z Thu Jan  1 00:00:00 1970
From: Don Slutz <dslutz@verizon.com>
Subject: Re: [PATCH for-4.5 v6 05/16] tools: Add vmware_port
	support
Date: Mon, 22 Sep 2014 17:22:18 -0400
Message-ID: <5420930A.2020300@terremark.com>
References: <1411236447-7435-1-git-send-email-dslutz@verizon.com>	
	<1411236447-7435-6-git-send-email-dslutz@verizon.com>
	<1411393315.18331.104.camel@kazak.uk.xensource.com>
	<54204FA5.7020104@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <54204FA5.7020104@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Andrew Cooper <andrew.cooper3@citrix.com>, Ian Campbell <Ian.Campbell@citrix.com>, Don Slutz <dslutz@verizon.com>
Cc: Tim Deegan <tim@xen.org>, Kevin Tian <kevin.tian@intel.com>, Keir Fraser <keir@xen.org>, Jun Nakajima <jun.nakajima@intel.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>, George Dunlap <George.Dunlap@eu.citrix.com>, Ian Jackson <ian.jackson@eu.citrix.com>, Eddie Dong <eddie.dong@intel.com>, xen-devel@lists.xen.org, Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>, Jan Beulich <jbeulich@suse.com>, Boris Ostrovsky <boris.ostrovsky@oracle.com>, Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
List-Id: xen-devel@lists.xenproject.org

On 09/22/14 12:34, Andrew Cooper wrote:
> On 22/09/14 14:41, Ian Campbell wrote:
>> On Sat, 2014-09-20 at 14:07 -0400, Don Slutz wrote:
>>> This new libxl_domain_create_info field is used to set
>>> XEN_DOMCTL_CDF_vmware_port for the xc_domain_create() routine.
>> Does this really need to be a CDF, rather than a domctl/hvm param?
> I have made the argument that many things which are currently HVM Params
> should be CDF, as they absolutely should be set and immutable for the
> entire lifetime of the domain.
>
>  From recollection, we have had several XSAs in the past which are
> directly attributable to the toolstack or guest being able to play with
> an (insufficiently locked down) HVM param after boot.
>
> Using a CDF avoids potential issues along these lines.

It also allow setting up v->arch.hvm_vmx.exception_bitmap at
the right time.  domctl/hvm params are setup much latter in
the life of a domain.

>> The latter would allow moving to buildinfo.u.hvm, which would be nicer
>> from the libxl PoV, I think.
>>
> Whatever the decision regarding CDF/hvmparam/other is, getting it right
> in the hypervisor is a much higher priority than being nice in libxl.
>
> It is unfortunate that libxl exposes the internal implementation details
> of createinfo vs buildinfo in its API.  With hindsight, it was a poor
> design decision.

     -Don Slutz

> ~Andrew
>