On Wed, 2013-10-02 at 13:02 +0300, Gleb Natapov wrote:

> Yes, I alluded to it in my email to Paul and Paolo asked also. How is this
> interface disabled? Also, hwrnd is MMIO in a host, so why does the guest need to
> use a hypercall instead of emulating the device (in kernel or somewhere
> else)? Another thing is that on a host hwrnd is protected from
> direct userspace access by virtue of being a device, but guest code (even
> kernel mode) is userspace as far as the host's security model goes, so by
> implementing this hypercall in a way that directly accesses hwrnd you
> expose hwrnd to userspace unconditionally. Why is this a good idea?

BTW. Is this always going to be like this?

Every *single* architectural or design decision we make for our architecture has to be justified 30 times over, every piece of code bike shedded to oblivion for months, etc...?

Do we always have to finally get to some kind of agreement on design, go to the 6 month bike-shedding phase, just to have somebody else come up and start re-questioning the whole original design (without any understanding of our specific constraints of course)?

You guys are the most horrendous community I have ever got to work with. It's simply impossible to get anything done in any reasonable time frame.

At this stage, it would have taken us an order of magnitude less time to simply rewrite an entire hypervisor from scratch.

This is sad.

Ben.