From mboxrd@z Thu Jan 1 00:00:00 1970 From: Qing He Subject: Re: [PATCH 04/17] vmx: nest: domain and vcpu flags Date: Thu, 20 May 2010 20:53:41 +0800 Message-ID: <20100520125341.GA21374@qhe2-db> References: <1271929289-18572-1-git-send-email-qing.he@intel.com> <1271929289-18572-5-git-send-email-qing.he@intel.com> <20100520093753.GL4164@whitby.uk.xensource.com> <20100520095434.GC21042@qhe2-db> <20100520105529.GN4164@whitby.uk.xensource.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <20100520105529.GN4164@whitby.uk.xensource.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Tim Deegan Cc: "xen-devel@lists.xensource.com" List-Id: xen-devel@lists.xenproject.org On Thu, 2010-05-20 at 18:55 +0800, Tim Deegan wrote: > At 10:54 +0100 on 20 May (1274352874), Qing He wrote: > > But I still put this flags here because there have been some people > > expressing security concerns, that in some situations, hardware > > virtualization needs to be explicitly disabled to avoid stealth VMM. > > I understand that people might want to disable nested HVM, and it's fine > to do that in the domain builder; I just don't think that domcrf is te > right Xen interface. Christoph's use of HVM_PARAM sounds right to me. OK, I'll change to HVM_PARAM solution. > > Tim. > > -- > Tim Deegan > Principal Software Engineer, XenServer Engineering > Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)