Demi Marie Obenour
Demi Marie Obenour
Neither vhost-user nor virtio-vhost-user need a kernel module on the host. virtio-vhost-user might need a kernel module in the guest to implement the virtio device, but if the guest has...
`virtio-vhost-user` should be read as `virtio-(vhost-user)`, not as `(virtio-vhost)-user`. It is a separate type of virtio device, alongside `blk`, `net`, and others. A `virtio-vhost-user` device allows the guest with the...
The main use-case for this feature is to allow drivers, such as network and block devices, to be implemented in guests rather than in the host. In combination with #7044...
@likebreath It looks good!
Perhaps this could be made opt-in, then? SAML implementations certainly need neither directives nor processing instructions, and may want to reject comments as well.
The problem is that the same XML might also be parsed by something that does _not_ ignore XML external entities. Unfortunately the more secure behavior will need to be off...
> But also, the child process could be used just for the case of early qube shutdown, and otherwise use the event loop. Alternatively the process could keep running even...
Is anyone using OCaml marshaling for RPCs? OCaml marshaling is not type-safe, so it isn’t secure against malicious input. RPC systems are generally expected to be secure against malicious input,...
Can you try running this with thread sanitizer?
@jmid For bytecode it should be sufficient to compile the runtime with TSan, though that will give you C-level backtraces instead of OCaml-level ones.