[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem

To: George Dunlap <George.Dunlap@xxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Tue, 28 Apr 2020 09:20:36 +0200
Cc: Jürgen Groß <jgross@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 28 Apr 2020 07:20:53 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 27.04.2020 18:25, George Dunlap wrote:
> If Jan is OK with it simply being outside CONFIG_EXPERT, then great.  But if 
> he insists on some kind of testing for it to be outside of CONFIG_EXPERT, 
> then again, the people who want it to be security supported should be the 
> ones who do the work to make it happen.

I don't understand this part, I'm afraid: Without a config option,
the code is going to be security supported as long as it doesn't
get marked otherwise (experimental or what not). With an option
depending on EXPERT, what would become security unsupported is the
non-default (i.e. disabled) setting. There's not a whole lot to
test there, it's merely a formal consequence of our general rules.
(Of course, over time dependencies of other code may develop on
the information being available e.g. to Dom0 userland. Just like
there's Linux userland code assuming the kernel config is
available in certain ways [I don't necessarily mean the equivalent
of hypfs here], to then use it in what I'd call abusive ways in at
least some cases.)

Jan

Follow-Ups:
- Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
  - From: George Dunlap

References:
- [PATCH v7 00/12] Add hypervisor sysfs-like support
  - From: Juergen Gross
- [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
  - From: Juergen Gross
- Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
  - From: Jan Beulich
- Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
  - From: Jürgen Groß
- Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
  - From: Jan Beulich
- Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
  - From: Jürgen Groß
- Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
  - From: Jan Beulich
- Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
  - From: Jürgen Groß
- Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
  - From: George Dunlap

Prev by Date: Re: Xen network domain performance for 10Gb NIC
Next by Date: [PATCH] xen/swiotlb: correct the check for xen_destroy_contiguous_region
Previous by thread: Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
Next by thread: Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.