[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v7 12/12] xen: clarify the security-support status of Kconfig options on ARM

On 25/07/18 09:59, Andrew Cooper wrote:
On 25/07/2018 09:46, Julien Grall wrote:

On 24/07/18 23:31, Stefano Stabellini wrote:
On Mon, 23 Jul 2018, Julien Grall wrote:

On 07/07/18 00:14, Stefano Stabellini wrote:
Signed-off-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: George.Dunlap@xxxxxxxxxxxxx
CC: Ian.Jackson@xxxxxxxxxxxxx
CC: jbeulich@xxxxxxxx
CC: andrew.cooper3@xxxxxxxxxx
    SUPPORT.md | 10 ++++++++++
    1 file changed, 10 insertions(+)

diff --git a/SUPPORT.md b/SUPPORT.md
index e3e49e2..151a63d 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -22,6 +22,16 @@ EXPERT and DEBUG Kconfig options are not security
supported. Other
    Kconfig options are supported, if the related features are
marked as
    supported in this document.
    +On ARM, a wider range of Kconfig configurations is available to
+very small lines of code counts in the hypervisor. Not all possible
+combinations of kconfig options are security supported. Instead, a

NIT: s/kconfig/Kconfig/

+pre-canned configurations have been added to xen/arch/arm/configs:
+are security suppored. Configurations derived from the pre-canned


I'll fix

+by adding non-listed options with their default values, or by
+any of the platform options under "Platform Support" (and their
+dependent options) are security supported, unless stated

I am not entirely sure to understand the implications the paragraph.

It is meant to say:

1) xen/arch/arm/configs config files are security supported
2) default values of any kconfig options are security supported
3) if an option is marked as not security supported in SUPPORT.md, then
     it is not security supported, no matter the default value
4) everything else is not security supported
   Should I try to clarify it? I guess I should make clear that a .config
with an unsupported option is unsupported as a whole. I can add:

   "A configuration with one or more unsupported options, is not

For instance, if I choose arm64_defconfig, memaccess will be enabled by
default but any use of it is not security supported. What will be
the state of
the security support for that .config?

Yes, memaccess will default to enable. However, SUPPORT.md says it is
not security supported, hence, the result is that the .config is not
security supported, according to (3).

We really don't want that. That arm64_defconfig is the default config
for Xen. Anyone using it will not be security supported.

Distros will likely use the default config as it enables everything.
If I were a package maintainer, I would expect at minimum to security
support the .config. This does not mean that using a specific feature
will be supported.

Anything you can select in menuconfig without passing
XEN_CONFIG_EXPERT=y is security supported.  Anything hidden behind
XEN_CONFIG_EXPERT is security supported in its default configuration.

Could you clarify what you mean by security supported here? For instance, "livepatch" is selectable on Arm with XEN_CONFIG_EXPERT=y but it is marked as "experimental" in SUPPORT.MD.


Julien Grall

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.