|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 2/2] xen: convert XSM_ENABLE to Kconfig
On 1/4/16 2:01 PM, Daniel De Graaf wrote: > On 22/12/15 16:26, Doug Goldstein wrote: >> Converts the existing XSM_ENABLE flag from Config.mk to CONFIG_XSM >> within Kconfig. This also re-adds the dependency of CONFIG_FLASK on >> CONFIG_XSM. >> >> CC: Keir Fraser <keir@xxxxxxx> >> CC: Jan Beulich <jbeulich@xxxxxxxx> >> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >> Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx> > > The dependencies for LATE_HWDOM are backwards: it is an optional X86-only > feature (which probably should be off by default) that depends on XSM to > work properly. Currently its always enabled if XSM_ENABLE is set. But if you are comfortable I'll tweak the patch to make this adjustable. Are you ok keeping your Ack-by as well? > > How about this for the help text: > > Allows the creation of a dedicated hardware domain distinct from > domain 0 that manages devices without needing access to other > privileged functionality such as the ability to manage domains. > This requires that the actual domain 0 be a stub domain that > constructs the actual hardware domain instead of initializing the > hardware itself. Because the hardware domain needs access to > hypercalls not available to unprivileged guests, an XSM policy > is required to properly define the privilege of these domains. > > This feature does nothing if the "hardware_dom" boot parameter is > not present. If this feature is being used for security, it should > be combined with an IOMMU in strict mode. > > If unsure, say N. Perfect! This is what I'm looking for from the various maintainers to help improve the documentation of different flags. -- Doug Goldstein Attachment:
signature.asc _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |