From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Yu, Zhang" <yu.c.zhang@linux.intel.com>
Subject: Re: [PATCH v3 3/3] tools: introduce parameter
 max_wp_ram_ranges.
Date: Tue, 2 Feb 2016 00:33:46 +0800
Message-ID: <56AF88EA.8080607@linux.intel.com>
References: <1454064314-7799-1-git-send-email-yu.c.zhang@linux.intel.com>
	<1454064314-7799-4-git-send-email-yu.c.zhang@linux.intel.com>
	<56ABA26C02000078000CC7CD@prv-mh.provo.novell.com>
	<56ACCAD5.8030503@linux.intel.com>
	<56AF1CE302000078000CCBBD@prv-mh.provo.novell.com>
	<20160201120244.GT25660@citrix.com>
	<56AF5A6402000078000CCEB2@prv-mh.provo.novell.com>
	<20160201124959.GX25660@citrix.com>
	<56AF669F02000078000CCF8D@prv-mh.provo.novell.com>
	<56AF7657.1000200@linux.intel.com>
	<56AF92E902000078000CD153@prv-mh.provo.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <56AF92E902000078000CD153@prv-mh.provo.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: kevin.tian@intel.com, wei.liu2@citrix.com, ian.campbell@citrix.com, stefano.stabellini@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, xen-devel@lists.xen.org, Paul.Durrant@citrix.com, zhiyuan.lv@intel.com, keir@xen.org
List-Id: xen-devel@lists.xenproject.org



On 2/2/2016 12:16 AM, Jan Beulich wrote:
>>>> On 01.02.16 at 16:14, <yu.c.zhang@linux.intel.com> wrote:
>> But I still do not quite understand. :)
>> If tool stack can guarantee the validity of a parameter,
>> under which circumstances will hypervisor be threatened?
>
> At least in disaggregated environments the hypervisor cannot
> trust the (parts of the) tool stack(s) living outside of Dom0. But
> even without disaggregation in mind it is bad practice to have
> the hypervisor assume the tool stack will only pass sane values.
> Just at the example of the param you're introducing: You don't
> even do the validation in libxc, so any (theoretical) tool stack
> no based on xl/libxl would not be guaranteed to pass a sane
> value. And even if you moved it into libxc, one could still argue
> that there could an even more theoretical tool stack not even
> building on top of libxc.
>
> Jan
>

Great. Thank you very much for your patience to explain.
Just sent out another mail about my understanding a moment ago,
seems I partially get it. :)
My vnc connection is too slow, will change the code tomorrow.
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
>

Yu