On 22.09.2021 11:19, Julien Grall wrote: > On 22/09/2021 13:21, Roger Pau Monne wrote: >> --- a/docs/man/xl.cfg.5.pod.in >> +++ b/docs/man/xl.cfg.5.pod.in >> @@ -583,8 +583,8 @@ L<xl.conf(5)>. >> =item B<max_grant_version=NUMBER> >> >> Specify the maximum grant table version the domain is allowed to use. >> Current >> -supported versions are 1 and 2. The default value is settable via >> -L<xl.conf(5)>. >> +supported versions are 1 and 2. Setting to 0 disables the grant table for >> the >> +domain. The default value is settable via L<xl.conf(5)>. > > Technically, the version only applies to format of the table for > granting page. The mapping itself is version agnostic. So this feels a > bit wrong to use max_grant_version to not allocate d->grant_table. > > I also can see use-cases where we may want to allow a domain to grant > page but not map grant (for instance, a further hardening of XSA-380).
Or the other way around: A typical Dom0 may not have a need to grant anything, but will likely want to be able to map grants. Nevertheless I think an overall "no grant operations at all" switch is good; both of the sub-aspects already have controls. Jan
