Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-12-15 07:53:07 -05:00
Code Issues Projects Releases Packages Wiki Activity

fix a typo

Browse source
This commit is contained in:
Solène Rapenne 2025-12-11 00:09:14 +01:00
parent 7d1f81c5c7
commit c98a9dd886
No known key found for this signature in database
GPG key ID: 8CD42DFD57F0A909
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
user/advanced-topics/standalones-and-hvms.rst
View file

@ -32,7 +32,7 @@ PVH has less attack surface than PV, as it relies on Second Level Address Transl
PVH also has less attack surface than HVM, as it does not require QEMU to provide device emulation services. While QEMU is confined in a stubdomain, and again in a seccomp based sandbox, the stubdomain has significant attack surface against the hypervisor. Not only does it have the full attack surface of a PV domain, it also has access to additional hypercalls that allow it to control the guest it is providing emulation services for. XSA-109 was a vulnerability in one of these hypercalls.
PVH has better performance than HVM, as the stubdomain iin HVM consumes resources (both memory and a small amount of CPU). There is little difference in the I/O path at runtime, as both PVH and HVM guests usually use paravirtualized I/O protocols.
PVH has better performance than HVM, as the stubdomain in HVM consumes resources (both memory and a small amount of CPU). There is little difference in the I/O path at runtime, as both PVH and HVM guests usually use paravirtualized I/O protocols.
Surprisingly, PVH often has better performance than PV. This is because PVH does not require hypercalls for page table updates, which are expensive. SLAT does raise the cost of TLB misses, but this is somewhat mitigated by a second-level TLB in recent hardware.