Hello,I''m wondering are there any datum that can compare the reliability/availability/dependability of HVM and PV, especially the driver of them? For example, how many bugs found in the drivers of HVM and PV? Can any experimental datum tell HVM model is safer or otherwise?... If a driver in HVM crashed, will it affect DomU, Dom0, or others? and what about PV? Is there some research or paper talk about this? I am so grateful if someone can give some advice about above, Thanks. -Luit _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
I also care for this problem, waiting the experts to answer. At 2011-02-20 20:55:40,"Yutao Liu" <universalbillow@gmail.com> wrote: Hello,I'm wondering are there any datum that can compare the reliability/availability/dependability of HVM and PV, especially the driver of them? For example, how many bugs found in the drivers of HVM and PV? Can any experimental datum tell HVM model is safer or otherwise?... If a driver in HVM crashed, will it affect DomU, Dom0, or others? and what about PV? Is there some research or paper talk about this? I am so grateful if someone can give some advice about above, Thanks. -Luit _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Sun, 2011-02-20 at 12:55 +0000, Yutao Liu wrote:> Hello,I''m wondering are there any datum that can compare the > reliability/availability/dependability of HVM and PV, especially the > driver of them? > For example, how many bugs found in the drivers of HVM and PV?In the case of PVHVM drivers these are the same drivers so the numbers would be the same.> Can any experimental datum tell HVM model is safer or otherwise?...I don''t know of any specific work in this area. It sounds like it would be an interesting project for someone with an interest in reliability engineering etc to undertake.> If a driver in HVM crashed, will it affect DomU, Dom0, or others? and > what about PV?All domains are equally isolated from the other domains in the system, be they domain 0, PV domU or other HVM domains. One domain cannot crash another unless it has particular privilege. Ian> Is there some research or paper talk about this? > > > I am so grateful if someone can give some advice about above, Thanks. > > > > -Luit_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Mon, Feb 21, 2011 at 6:01 PM, Ian Campbell <Ian.Campbell@citrix.com>wrote:> On Sun, 2011-02-20 at 12:55 +0000, Yutao Liu wrote: > > Hello,I''m wondering are there any datum that can compare the > > reliability/availability/dependability of HVM and PV, especially the > > driver of them? > > For example, how many bugs found in the drivers of HVM and PV? > > > In the case of PVHVM drivers these are the same drivers so the numbers > > would be the same. >But PV and HVM have different data flow, e.g. in PV, there is the communication between frontend and backend, but in HVM there may be not, are there any bugs appear in these procedure?> > > Can any experimental datum tell HVM model is safer or otherwise?... > > > I don''t know of any specific work in this area. It sounds like it would > > be an interesting project for someone with an interest in reliability > > engineering etc to undertake. > > > If a driver in HVM crashed, will it affect DomU, Dom0, or others? and > > what about PV? > > > All domains are equally isolated from the other domains in the system, > > be they domain 0, PV domU or other HVM domains. One domain cannot crash > > another unless it has particular privilege. >What about when the frontend in domU communicate with backend in dom0? In my opinion, the isolation in PV is not as well as in HVM(do you agree with me?), so are there any cases that the bug in frontend affect the backend?> > Ian > > > Is there some research or paper talk about this? > The last question:) is there any research ever talked about it? that is, > the compare between HVM(both qemu-emulates and with SRIOV) and PV in the > area of dependability? >Thanks so much:)> > > > > I am so grateful if someone can give some advice about above, Thanks. > > > > > > > > -Luit > > >-- - Luit @ Parallel Processing Institute, Fudan University _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
At 12:55 +0000 on 20 Feb (1298206540), Yutao Liu wrote:> Hello,I''m wondering are there any datum that can compare the reliability/availability/dependability of HVM and PV, especially the driver of them? > For example, how many bugs found in the drivers of HVM and PV? Can any experimental datum tell HVM model is safer or otherwise?... > If a driver in HVM crashed, will it affect DomU, Dom0, or others? and what about PV? > Is there some research or paper talk about this?The conventional wisdom is that since HVM has a much bigger TCB it''s probably in some sense less secure. I don''t know whether anyone has done any serious measurement or analysis of that though. Tim. -- Tim Deegan <Tim.Deegan@citrix.com> Principal Software Engineer, Xen Platform Team Citrix Systems UK Ltd. (Company #02937203, SL9 0BG) _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Mon, 2011-02-21 at 10:22 +0000, Yutao Liu wrote:> > > On Mon, Feb 21, 2011 at 6:01 PM, Ian Campbell > <Ian.Campbell@citrix.com> wrote: > On Sun, 2011-02-20 at 12:55 +0000, Yutao Liu wrote: > > Hello,I''m wondering are there any datum that can compare the > > reliability/availability/dependability of HVM and PV, > especially the > > driver of them? > > For example, how many bugs found in the drivers of HVM and > PV? > > > > In the case of PVHVM drivers these are the same drivers so > the numbers > > would be the same. > But PV and HVM have different data flow, e.g. in PV, there is the > communication between frontend and backend, but in HVM there > may be not, are there any bugs appear in these procedure?I was talking specifically about PVHVM, where the dataflow is the same. In any case I''m not aware of anyone having done an audit of the bug counts in this specific area etc. If you are interested in the numbers then I''m afraid the best suggestion I have is that you look back over the CVE history, or the version control etc and count them yourself.> > All domains are equally isolated from the other domains in > the system, > > be they domain 0, PV domU or other HVM domains. One domain > cannot crash > > another unless it has particular privilege. > What about when the frontend in domU communicate with backend in > dom0? In my opinion, the isolation in PV is not as well as in HVM(do > you agree with me?), so are there any cases that the bug in frontend > affect the backend?That would be a serious bug in the backend, we are not currently aware of any such bugs.> > Is there some research or paper talk about this? > The last question:) is there any research ever talked about > it? that is, the compare between HVM(both qemu-emulates and > with SRIOV) and PV in the area of dependability? > Thanks so much:)Not as far as I know, but I haven''t really been paying much attention to this area of research. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Mon, Feb 21, 2011 at 7:18 PM, Ian Campbell <Ian.Campbell@eu.citrix.com>wrote:> On Mon, 2011-02-21 at 10:22 +0000, Yutao Liu wrote: > > > > > > On Mon, Feb 21, 2011 at 6:01 PM, Ian Campbell > > <Ian.Campbell@citrix.com> wrote: > > On Sun, 2011-02-20 at 12:55 +0000, Yutao Liu wrote: > > > Hello,I''m wondering are there any datum that can compare the > > > reliability/availability/dependability of HVM and PV, > > especially the > > > driver of them? > > > For example, how many bugs found in the drivers of HVM and > > PV? > > > > > > > In the case of PVHVM drivers these are the same drivers so > > the numbers > > > would be the same. > > But PV and HVM have different data flow, e.g. in PV, there is the > > communication between frontend and backend, but in HVM there > > may be not, are there any bugs appear in these procedure? > > > I was talking specifically about PVHVM, where the dataflow is the same. > > > In any case I''m not aware of anyone having done an audit of the bug > > counts in this specific area etc. > > > If you are interested in the numbers then I''m afraid the best suggestion > > I have is that you look back over the CVE history, or the version > > control etc and count them yourself. > > > > All domains are equally isolated from the other domains in > > the system, > > > be they domain 0, PV domU or other HVM domains. One domain > > cannot crash > > > another unless it has particular privilege. > > What about when the frontend in domU communicate with backend in > > dom0? In my opinion, the isolation in PV is not as well as in HVM(do > > you agree with me?), so are there any cases that the bug in frontend > > affect the backend? > > > That would be a serious bug in the backend, we are not currently aware > > of any such bugs. > > > > Is there some research or paper talk about this? > > The last question:) is there any research ever talked about > > it? that is, the compare between HVM(both qemu-emulates and > > with SRIOV) and PV in the area of dependability? > > Thanks so much:) > > > Not as far as I know, but I haven''t really been paying much attention to > > this area of research. >I see :) Thanks so much. It''s true that count bugs one by one is no meaning, I may try analyse it by other ways. And I may focus more on the HVM with SRIOV.> > Ian. > > >-- - Luit @ Parallel Processing Institute, Fudan University _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel