>>> On 12.06.18 at 21:53, <sstabell...@kernel.org> wrote:
> On Tue, 12 Jun 2018, Jan Beulich wrote:
>> >> >> As a consequence of these changes, some options will become 
>> >> >> user-visible
>> >> >> and not dependent on CONFIG_EXPERT. It does not mean that Xen Project
>> >> >> will security support all possible combinations of kconfig options.
>> >> >> Instead, there will be a small set of pre-canned configurations that
>> >> >> will be supported.  See: 
>> >> >> https://marc.info/?l=xen-devel&m=152424389512432 
>> >> > 
>> >> > George, Ian, Jan, shall SUPPORT.MD be updated to reflect the Kconfig 
>> >> > changes?
>> >> > 
>> >> > I am mostly thinking about the board support and the fact that more 
>> >> > options on Arm are selectable by the users.
>> >> 
>> >> I think that would be very desirable, yes.
>> > 
>> > Do you want me to add a patch for that to this series, or should I do it
>> > separately?
>> 
>> I think such a doc change should be right in a particular patch making
>> things user selectable.
> 
> I have added the following to patch #5, the one introducing all the UART
> Kconfigs on ARM. I think it is the one introducing more new options. I
> removed Julien's ACK because of this change. Let me know if you think we
> need more details in SUPPORT.md.
> 
> diff --git a/SUPPORT.md b/SUPPORT.md
> index 264b23f..e70f35c 100644
> --- a/SUPPORT.md
> +++ b/SUPPORT.md
> @@ -16,6 +16,18 @@ for the definitions of the support status levels etc.
>  
>  # Feature Support
>  
> +## Kconfig
> +
> +On x86, Kconfig options that depend on CONFIG_EXPERT are not security
> +supported. Other Kconfig options that do not depend on CONFIG_EXPERT are
> +supported, if the related features marked as supported in this document.

..., if the related features are marked ...

> +On ARM, a wider range of Kconfig configurations is available to enable
> +very small lines of code counts in the hypervisor. Not all possible
> +combinations of kconfig options are security supported. Instead, a small
> +set of pre-canned configurations is supported, see xen/arch/arm/configs.

Patch 5 does not add any EXPERT dependencies afaics, so this is at least
misleading. I think the EXPERT rule should apply generically, and perhaps be
introduced by (and discussed in the context of) a separate patch. I also
think DEBUG should be mentioned alongside EXPERT.

The patch relaxing things for ARM would then add a relaxation paragraph
here.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Reply via email to