|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v5 0/10] arm: more kconfig configurability and small default configs
On Wed, 13 Jun 2018, Jan Beulich wrote: > >>> On 12.06.18 at 21:53, <sstabellini@xxxxxxxxxx> wrote: > > On Tue, 12 Jun 2018, Jan Beulich wrote: > >> >> >> As a consequence of these changes, some options will become > >> >> >> user-visible > >> >> >> and not dependent on CONFIG_EXPERT. It does not mean that Xen Project > >> >> >> will security support all possible combinations of kconfig options. > >> >> >> Instead, there will be a small set of pre-canned configurations that > >> >> >> will be supported. See: > >> >> >> https://marc.info/?l=xen-devel&m=152424389512432 > >> >> > > >> >> > George, Ian, Jan, shall SUPPORT.MD be updated to reflect the Kconfig > >> >> > changes? > >> >> > > >> >> > I am mostly thinking about the board support and the fact that more > >> >> > options on Arm are selectable by the users. > >> >> > >> >> I think that would be very desirable, yes. > >> > > >> > Do you want me to add a patch for that to this series, or should I do it > >> > separately? > >> > >> I think such a doc change should be right in a particular patch making > >> things user selectable. > > > > I have added the following to patch #5, the one introducing all the UART > > Kconfigs on ARM. I think it is the one introducing more new options. I > > removed Julien's ACK because of this change. Let me know if you think we > > need more details in SUPPORT.md. > > > > diff --git a/SUPPORT.md b/SUPPORT.md > > index 264b23f..e70f35c 100644 > > --- a/SUPPORT.md > > +++ b/SUPPORT.md > > @@ -16,6 +16,18 @@ for the definitions of the support status levels etc. > > > > # Feature Support > > > > +## Kconfig > > + > > +On x86, Kconfig options that depend on CONFIG_EXPERT are not security > > +supported. Other Kconfig options that do not depend on CONFIG_EXPERT are > > +supported, if the related features marked as supported in this document. > > ..., if the related features are marked ... > > > +On ARM, a wider range of Kconfig configurations is available to enable > > +very small lines of code counts in the hypervisor. Not all possible > > +combinations of kconfig options are security supported. Instead, a small > > +set of pre-canned configurations is supported, see xen/arch/arm/configs. > > Patch 5 does not add any EXPERT dependencies afaics, so this is at least > misleading. I think the EXPERT rule should apply generically, and perhaps be > introduced by (and discussed in the context of) a separate patch. I also > think DEBUG should be mentioned alongside EXPERT. > > The patch relaxing things for ARM would then add a relaxation paragraph > here. I'll do. Actually, for simplicity, I'll modify the SUPPORT statement for ARM in a separate independent patch (so I'll add two patches) for our convenience in reviewing and patch handling. We can easily merge patches at commit time, or in a follow-up patch series. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |