[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs

Hi Stefano,

On 12/06/2018 20:53, Stefano Stabellini wrote:
On Tue, 12 Jun 2018, Jan Beulich wrote:
As a consequence of these changes, some options will become user-visible
and not dependent on CONFIG_EXPERT. It does not mean that Xen Project
will security support all possible combinations of kconfig options.
Instead, there will be a small set of pre-canned configurations that
will be supported.  See: https://marc.info/?l=xen-devel&m=152424389512432

George, Ian, Jan, shall SUPPORT.MD be updated to reflect the Kconfig

I am mostly thinking about the board support and the fact that more
options on Arm are selectable by the users.

I think that would be very desirable, yes.

Do you want me to add a patch for that to this series, or should I do it

I think such a doc change should be right in a particular patch making
things user selectable.

I have added the following to patch #5, the one introducing all the UART
Kconfigs on ARM. I think it is the one introducing more new options. I
removed Julien's ACK because of this change. Let me know if you think we
need more details in SUPPORT.md.

diff --git a/SUPPORT.md b/SUPPORT.md
index 264b23f..e70f35c 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -16,6 +16,18 @@ for the definitions of the support status levels etc.
# Feature Support +## Kconfig
+On x86, Kconfig options that depend on CONFIG_EXPERT are not security
+supported. Other Kconfig options that do not depend on CONFIG_EXPERT are
+supported, if the related features marked as supported in this document.
+On ARM, a wider range of Kconfig configurations is available to enable
+very small lines of code counts in the hypervisor. Not all possible
+combinations of kconfig options are security supported. Instead, a small
+set of pre-canned configurations is supported, see xen/arch/arm/configs.

I think we need to be more specific about CONFIG_EXPERT=y. This is still something we don't want to security support on Arm.

Furthermore, tiny.config by default will select the platform "ALL" but most of the user will tailor to a specific platform. That platform will select drivers. By reading your statement, this new config will not be security supported. Not sure if it is wanted.

This also made me realize that in your tiny config you select NULL scheduler which is still marked as experimental in the Kconfig. It feels strange that you security support it in the tiny.config but not by default.


Julien Grall

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.