
Re: [PATCH v2] xen: EXPERT clean-up and introduce UNSUPPORTED


  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Wed, 18 Nov 2020 08:45:07 +0000
  • Cc: "open list:X86" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "iwj@xxxxxxxxxxxxxx" <iwj@xxxxxxxxxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, "julien@xxxxxxx" <julien@xxxxxxx>, "wl@xxxxxxx" <wl@xxxxxxx>
  • Delivery-date: Wed, 18 Nov 2020 08:45:26 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Stefano,

> On 18 Nov 2020, at 00:50, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
> 
> From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
> 
> A recent thread [1] has exposed a couple of issues with our current way
> of handling EXPERT.
> 
> 1) It is not obvious that "Configure standard Xen features (expert
> users)" is actually the famous EXPERT we keep talking about on xen-devel
> 
> 2) It is not obvious when we need to enable EXPERT to get a specific
> feature
> 
> In particular if you want to enable ACPI support so that you can boot
> Xen on an ACPI platform, you have to enable EXPERT first. But searching
> through the kconfig menu it is really not clear (type '/' and "ACPI"):
> nothing in the description tells you that you need to enable EXPERT to
> get the option.

This is a great change that makes configuration more clear.

> 
> So this patch makes things easier by doing two things:
> 
> - introduce a new kconfig option UNSUPPORTED which is clearly to enable
>  UNSUPPORTED features as defined by SUPPORT.md
> 
> - change EXPERT options to UNSUPPORTED where it makes sense: keep
>  depending on EXPERT for features made for experts
> 
> - tag unsupported features by adding (UNSUPPORTED) to the one-line
>  description
> 
> - clarify the EXPERT one-line description

Should we also follow the scheme and add (EXPERT) in the text for expert options?

and one small fix

> 
> [1] https://marc.info/?l=xen-devel&m=160333101228981
> 
> Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
> CC: andrew.cooper3@xxxxxxxxxx
> CC: george.dunlap@xxxxxxxxxx
> CC: iwj@xxxxxxxxxxxxxx
> CC: jbeulich@xxxxxxxx
> CC: julien@xxxxxxx
> CC: wl@xxxxxxx
> 
> ---
> Changes in v2:
> - introduce UNSUPPORTED as a separate new option
> - don't switch all EXPERT options to UNSUPPORTED
> ---
> xen/Kconfig              | 11 ++++++++++-
> xen/arch/arm/Kconfig     | 10 +++++-----
> xen/arch/x86/Kconfig     |  8 ++++----
> xen/common/Kconfig       |  4 ++--
> xen/common/sched/Kconfig |  6 +++---
> 5 files changed, 24 insertions(+), 15 deletions(-)
> 
> diff --git a/xen/Kconfig b/xen/Kconfig
> index 34c318bfa2..59400c4788 100644
> --- a/xen/Kconfig
> +++ b/xen/Kconfig
> @@ -34,8 +34,17 @@ config DEFCONFIG_LIST
>       option defconfig_list
>       default ARCH_DEFCONFIG
> 
> +config UNSUPPORTED
> +     bool "Configure UNSUPPORTED features"
> +     help
> +       This option allows unsupported Xen options to be enabled, which
> +       includes non-security-supported, experimental, and tech preview
> +       features as defined by SUPPORT.md. Xen binaries built with this
> +       option enabled are not security supported.
> +     default n
> +
> config EXPERT
> -     bool "Configure standard Xen features (expert users)"
> +     bool "Configure EXPERT features"
>       help
>         This option allows certain base Xen options and settings
>         to be disabled or tweaked. This is for specialized environments
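
Review bot: In the new UNSUPPORTED entry, `default n` sits after the help text and is redundant, since a bool with no default is already n. Drop the line, or move it above `help` so that the help block is the last attribute, as in the EXPERT entry below it. The help text could also state how UNSUPPORTED relates to EXPERT: the two are independent symbols here, and nothing in this hunk says whether either implies the other.
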
> diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
> index f938dd21bd..5981e7380d 100644
> --- a/xen/arch/arm/Kconfig
> +++ b/xen/arch/arm/Kconfig
> @@ -32,7 +32,7 @@ menu "Architecture Features"
> source "arch/Kconfig"
> 
> config ACPI
> -     bool "ACPI (Advanced Configuration and Power Interface) Support" if 
> EXPERT
> +     bool "ACPI (Advanced Configuration and Power Interface) Support 
> (UNSUPPORTED)" if UNSUPPORTED
>       depends on ARM_64
>       ---help---
> 
> @@ -49,7 +49,7 @@ config GICV3
>         If unsure, say Y
> 
> config HAS_ITS
> -        bool "GICv3 ITS MSI controller support" if EXPERT
> +        bool "GICv3 ITS MSI controller support (UNSUPPORTED)" if UNSUPPORTED
>         depends on GICV3 && !NEW_VGIC
> 
> config HVM
> @@ -79,7 +79,7 @@ config SBSA_VUART_CONSOLE
>         SBSA Generic UART implements a subset of ARM PL011 UART.
> 
> config ARM_SSBD
> -     bool "Speculative Store Bypass Disable" if EXPERT
> +     bool "Speculative Store Bypass Disable (UNSUPPORTED)" if UNSUPPORTED
>       depends on HAS_ALTERNATIVE
>       default y
>       help
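
Review bot: ARM_SSBD is `default y`, so the prompt condition on this line decides who may turn a speculation mitigation off, not who may turn an unsupported feature on. Tagging the mitigation itself "(UNSUPPORTED)" reads as if running with it enabled were the unsupported state. Keeping `if EXPERT` on this prompt would match the commit message's "keep depending on EXPERT for features made for experts"; otherwise the tag or help text should make clear that disabling it is the unsupported choice. The same applies to HARDEN_BRANCH_PREDICTOR in the next hunk.
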
> @@ -89,7 +89,7 @@ config ARM_SSBD
>         If unsure, say Y.
> 
> config HARDEN_BRANCH_PREDICTOR
> -     bool "Harden the branch predictor against aliasing attacks" if EXPERT
> +     bool "Harden the branch predictor against aliasing attacks 
> (UNSUPPORTED)" if UNSUPPORTED
>       default y
>       help
>         Speculation attacks against some high-performance processors rely on
> @@ -106,7 +106,7 @@ config HARDEN_BRANCH_PREDICTOR
>         If unsure, say Y.
> 
> config TEE
> -     bool "Enable TEE mediators support" if EXPERT
> +     bool "Enable TEE mediators support (UNSUPPORTED)" if UNSUPPORTED
>       default n
>       help
>         This option enables generic TEE mediators support. It allows guests
> diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
> index 24868aa6ad..d4e20e9d31 100644
> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -102,8 +102,8 @@ config HVM
>         If unsure, say Y.
> 
> config XEN_SHSTK
> -     bool "Supervisor Shadow Stacks"
> -     depends on HAS_AS_CET_SS && EXPERT
> +     bool "Supervisor Shadow Stacks (UNSUPPORTED)"
> +     depends on HAS_AS_CET_SS && UNSUPPORTED

This one is not following the standard scheme with "if UNSUPPORTED".

Cheers
Bertrand

>       default y
>       ---help---
>         Control-flow Enforcement Technology (CET) is a set of features in
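
Review bot: XEN_SHSTK keeps `depends on HAS_AS_CET_SS && UNSUPPORTED` while the other entries in this patch put `if UNSUPPORTED` on the prompt, and with `default y` the two forms are not equivalent. `depends on` forces the symbol to n in every build without UNSUPPORTED, whereas a prompt condition only hides the question and leaves the default in force. If shadow stacks are meant to stay out of builds without UNSUPPORTED, keep `depends on` and say so in the commit message; if only the prompt should be hidden, move the condition to the `bool` line.
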
> @@ -165,7 +165,7 @@ config HVM_FEP
>         If unsure, say N.
> 
> config TBOOT
> -     bool "Xen tboot support" if EXPERT
> +     bool "Xen tboot support (UNSUPPORTED)" if UNSUPPORTED
>       default y if !PV_SHIM_EXCLUSIVE
>       select CRYPTO
>       ---help---
> @@ -251,7 +251,7 @@ config HYPERV_GUEST
> endif
> 
> config MEM_SHARING
> -     bool "Xen memory sharing support" if EXPERT
> +     bool "Xen memory sharing support (UNSUPPORTED)" if UNSUPPORTED
>       depends on HVM
> 
> endmenu
> diff --git a/xen/common/Kconfig b/xen/common/Kconfig
> index 3e2cf25088..beed507727 100644
> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -151,7 +151,7 @@ config KEXEC
>         If unsure, say Y.
> 
> config EFI_SET_VIRTUAL_ADDRESS_MAP
> -    bool "EFI: call SetVirtualAddressMap()" if EXPERT
> +    bool "EFI: call SetVirtualAddressMap() (UNSUPPORTED)" if UNSUPPORTED
>     ---help---
>       Call EFI SetVirtualAddressMap() runtime service to setup memory map for
>       further runtime services. According to UEFI spec, it isn't strictly
> @@ -272,7 +272,7 @@ config LATE_HWDOM
>         If unsure, say N.
> 
> config ARGO
> -     bool "Argo: hypervisor-mediated interdomain communication" if EXPERT
> +     bool "Argo: hypervisor-mediated interdomain communication 
> (UNSUPPORTED)" if UNSUPPORTED
>       ---help---
>         Enables a hypercall for domains to ask the hypervisor to perform
>         data transfer of messages between domains.
> diff --git a/xen/common/sched/Kconfig b/xen/common/sched/Kconfig
> index 61231aacaa..94c9e20139 100644
> --- a/xen/common/sched/Kconfig
> +++ b/xen/common/sched/Kconfig
> @@ -15,7 +15,7 @@ config SCHED_CREDIT2
>         optimized for lower latency and higher VM density.
> 
> config SCHED_RTDS
> -     bool "RTDS scheduler support (EXPERIMENTAL)"
> +     bool "RTDS scheduler support (UNSUPPORTED)" if UNSUPPORTED
>       default y
>       ---help---
>         The RTDS scheduler is a soft and firm real-time scheduler for
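
Review bot: SCHED_RTDS had an unconditional prompt before this change, so adding `if UNSUPPORTED` while keeping `default y` means a build without UNSUPPORTED still compiles the scheduler in and can no longer turn it off from the menu. Either make the default n when the prompt is hidden or make the symbol depend on UNSUPPORTED, so that an entry tagged "(UNSUPPORTED)" is not present in a build that has UNSUPPORTED disabled. The commit message only describes EXPERT options moving to UNSUPPORTED and should mention that the "(EXPERIMENTAL)" schedulers change as well.
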
> @@ -23,14 +23,14 @@ config SCHED_RTDS
>         in the cloud, and general low-latency workloads.
> 
> config SCHED_ARINC653
> -     bool "ARINC653 scheduler support (EXPERIMENTAL)"
> +     bool "ARINC653 scheduler support (UNSUPPORTED)" if UNSUPPORTED
>       default DEBUG
>       ---help---
>         The ARINC653 scheduler is a hard real-time scheduler for single
>         cores, targeted for avionics, drones, and medical devices.
> 
> config SCHED_NULL
> -     bool "Null scheduler support (EXPERIMENTAL)"
> +     bool "Null scheduler support (UNSUPPORTED)" if UNSUPPORTED
>       default y
>       ---help---
>         The null scheduler is a static, zero overhead scheduler,
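
Review bot: Replacing "(EXPERIMENTAL)" with "(UNSUPPORTED)" on SCHED_ARINC653 and SCHED_NULL drops the specific status, while the UNSUPPORTED help text in xen/Kconfig lists non-security-supported, experimental and tech preview as separate cases. Consider recording the specific status in each entry's help text so it is not lost. SCHED_ARINC653 also keeps `default DEBUG`, so with the prompt hidden it follows DEBUG in builds without UNSUPPORTED.
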
> -- 
> 2.17.1
> 
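
The reply above points out that XEN_SHSTK uses `depends on ... UNSUPPORTED` where the other entries use `if UNSUPPORTED` on the prompt. The following added example (not part of the original message or of the Xen tree) classifies entries by which form they use; the `classify` helper, its verdict names and the constructed sample are assumptions of this example, and it only handles single-line `bool`/`tristate` prompts.

```python
import re

# Constructed sample: four entries shaped like ones in the patch above.
SAMPLE = """\
config XEN_SHSTK
    bool "Supervisor Shadow Stacks (UNSUPPORTED)"
    depends on HAS_AS_CET_SS && UNSUPPORTED
    default y
config TBOOT
    bool "Xen tboot support (UNSUPPORTED)" if UNSUPPORTED
    default y if !PV_SHIM_EXCLUSIVE
config SCHED_ARINC653
    bool "ARINC653 scheduler support (UNSUPPORTED)" if UNSUPPORTED
    default DEBUG
config TEE
    bool "Enable TEE mediators support (UNSUPPORTED)" if UNSUPPORTED
    default n
"""

PROMPT = re.compile(r'^(?:bool|tristate)\s+"[^"]*"(?:\s+if\s+(.+))?$')

def classify(text, gate="UNSUPPORTED"):
    """Hypothetical helper: report how `gate` controls each config symbol."""
    def uses(expr):
        return bool(expr) and re.search(rf"\b{gate}\b", expr) is not None
    entries, cur, in_help = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("config "):          # new entry ends any help text
            cur = entries.setdefault(line.split()[1],
                                     {"dep": False, "prompt": False, "defaults": []})
            in_help = False
        elif cur is None or in_help or not line:
            continue
        elif line in ("help", "---help---"):   # ignore free text until next entry
            in_help = True
        elif line.startswith("depends on "):
            cur["dep"] |= uses(line[len("depends on "):])
        elif line.startswith("default "):
            cur["defaults"].append(line.split()[1])
        elif (m := PROMPT.match(line)):
            cur["prompt"] |= uses(m.group(1))
    verdict = {}
    for name, e in entries.items():
        if e["dep"]:        # symbol itself is n whenever the gate is n
            verdict[name] = "compiled-out"
        elif e["prompt"]:   # only the question is hidden; defaults still apply
            live = [d for d in e["defaults"] if d != "n"]
            verdict[name] = "hidden-default" if live else "hidden-off"
    return verdict

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Entries reported as `hidden-default` are the ones that remain in a build with the gate disabled.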


 

