|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] common/gnttab: Introduce command line feature controls
On 25/08/17 10:49, Jan Beulich wrote: >>>> On 24.08.17 at 16:50, <andrew.cooper3@xxxxxxxxxx> wrote: >> --- a/docs/misc/xen-command-line.markdown >> +++ b/docs/misc/xen-command-line.markdown >> @@ -868,6 +868,19 @@ Controls EPT related features. >> >> Specify which console gdbstub should use. See **console**. >> >> +### gnttab >> +> `= List of [ max_ver:<integer>, transitive ]` >> + >> +> Default: `gnttab=max_ver:2,transitive` >> + >> +Control various aspects of the grant table behaviour available to guests. >> + >> +* `max_ver` Select the maximum grant table version to offer to guests. >> Valid >> +version are 1 and 2. >> +* `transitive` Permit or disallow the use of transitive grants. Note that >> the >> +use of grant table v2 without transitive grants is an ABI breakage from the >> +guests point of view. > Btw, with the need to use v2 on huge systems I'm no longer > convinced providing an option to disable it is a good idea. "necessary to support larger systems" is not a valid reason to prevent smaller systems having the option to reduce their hypervisor attack surface. We have an unnecessarily large number of XSAs from hypervisor features which noone uses, and a similarly large number of XSAs from features which are only used in specialised usecases. Removing unused attack surfaces in common cases makes perfect sense for downstreams. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |