Wei Liu writes ("[PATCH 3/5] xen: replace TEST_COVERAGE with CONFIG_GCOV"):
> The sole purpose of TEST_COVERAGE macro is to guard the availability of
> gcov sysctl. Now we have a proper CONFIG_GCOV, use it.
FAOD my reading of xen/Kconfig.debug is that CONFIG_GCOV depends on
CONFIG_DEBUG which says
This option is intended for development purposes
only, and not for production use.
and is therefore out of security support.
Accordingly I think the only security review needed for the hypervisor
part is to check that everything is indeed disabled without
Xen-devel mailing list