
Re: [Xen-devel] [PATCH 2/2] xen: convert XSM_ENABLE to Kconfig



On 1/4/16 2:01 PM, Daniel De Graaf wrote:
> On 22/12/15 16:26, Doug Goldstein wrote:
>> Converts the existing XSM_ENABLE flag from Config.mk to CONFIG_XSM
>> within Kconfig. This also re-adds the dependency of CONFIG_FLASK on
>> CONFIG_XSM.
>>
>> CC: Keir Fraser <keir@xxxxxxx>
>> CC: Jan Beulich <jbeulich@xxxxxxxx>
>> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx>
> 
> The dependencies for LATE_HWDOM are backwards: it is an optional X86-only
> feature (which probably should be off by default) that depends on XSM to
> work properly.

Currently it's always enabled if XSM_ENABLE is set. But if you are
comfortable I'll tweak the patch to make this adjustable. Are you OK
keeping your Ack-by as well?

> 
> How about this for the help text:
> 
> Allows the creation of a dedicated hardware domain distinct from
> domain 0 that manages devices without needing access to other
> privileged functionality such as the ability to manage domains.
> This requires that the actual domain 0 be a stub domain that
> constructs the actual hardware domain instead of initializing the
> hardware itself.  Because the hardware domain needs access to
> hypercalls not available to unprivileged guests, an XSM policy
> is required to properly define the privilege of these domains.
> 
> This feature does nothing if the "hardware_dom" boot parameter is
> not present.  If this feature is being used for security, it should
> be combined with an IOMMU in strict mode.
> 
> If unsure, say N.

Perfect! This is what I'm looking for from the various maintainers to
help improve the documentation of different flags.

-- 
Doug Goldstein


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
