[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs

To: Julien Grall <julien.grall@xxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Wed, 13 Jun 2018 14:06:16 -0700 (PDT)
Cc: Artem Mygaiev <artem_mygaiev@xxxxxxxx>, Lars Kurth <lars.kurth@xxxxxxxxxx>, nd@xxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "andrii_anisov@xxxxxxxx" <andrii_anisov@xxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx, Jan Beulich <JBeulich@xxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>
Delivery-date: Wed, 13 Jun 2018 21:06:52 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, 12 Jun 2018, Julien Grall wrote:
> > diff --git a/SUPPORT.md b/SUPPORT.md
> > index 264b23f..e70f35c 100644
> > --- a/SUPPORT.md
> > +++ b/SUPPORT.md
> > @@ -16,6 +16,18 @@ for the definitions of the support status levels etc.
> >     # Feature Support
> >   +## Kconfig
> > +
> > +On x86, Kconfig options that depend on CONFIG_EXPERT are not security
> > +supported. Other Kconfig options that do not depend on CONFIG_EXPERT are
> > +supported, if the related features marked as supported in this document.
> > +
> > +On ARM, a wider range of Kconfig configurations is available to enable
> > +very small lines of code counts in the hypervisor. Not all possible
> > +combinations of kconfig options are security supported. Instead, a small
> > +set of pre-canned configurations is supported, see xen/arch/arm/configs.
> 
> I think we need to be more specific about CONFIG_EXPERT=y. This is still
> something we don't want to security support on Arm.

Agreed, I'll clarify.


> Furthermore, tiny.config by default will select the platform "ALL" but most of
> the user will tailor to a specific platform. That platform will select
> drivers. By reading your statement, this new config will not be security
> supported. Not sure if it is wanted.

It was easier to explain when we actually had one config file per
platform under xen/arch/arm/configs. I have rewritten the statement to
make it clear that we support the platforms listed under
xen/arch/arm/platforms/Kconfig and the precanned configurations under
xen/arch/arm/configs. Let's see how it goes.


> This also made me realize that in your tiny config you select NULL scheduler
> which is still marked as experimental in the Kconfig. It feels strange that
> you security support it in the tiny.config but not by default.

Damn. The NULL scheduler is definitely required and it has been in the
tree long enough. I'll add a separate patch for that.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs
  - From: Julien Grall

Prev by Date: [Xen-devel] Xen Security Advisory 267 (CVE-2018-3665) - Speculative register leakage from lazy FPU context switching
Next by Date: [Xen-devel] [PATCH v6 0/13] arm: more kconfig configurability and small default configs
Previous by thread: Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs
Next by thread: Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.