All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Jan Beulich" <JBeulich@suse.com>
To: George Dunlap <george.dunlap@citrix.com>
Cc: Tamas K Lengyel <tamas.lengyel@zentific.com>,
	StefanoStabellini <sstabellini@kernel.org>,
	Wei Liu <wei.liu2@citrix.com>,
	Konrad Wilk <konrad.wilk@oracle.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	TimDeegan <tim@xen.org>, RichPersaud <persaur@gmail.com>,
	Ian Jackson <ian.jackson@citrix.com>,
	xen-devel@lists.xenproject.org
Subject: Re: [PATCH 12/16] SUPPORT.md: Add Security-releated features
Date: Thu, 23 Nov 2017 03:13:51 -0700	[thread overview]
Message-ID: <5A16AD6F0200007800191459@prv-mh.provo.novell.com> (raw)
In-Reply-To: <41123076-606e-71b7-27da-b54085843483@citrix.com>

>>> On 22.11.17 at 18:13, <george.dunlap@citrix.com> wrote:
> On 11/21/2017 08:52 AM, Jan Beulich wrote:
>>>>> On 13.11.17 at 16:41, <george.dunlap@citrix.com> wrote:
>>> With the exception of driver domains, which depend on PCI passthrough,
>>> and will be introduced later.
>>>
>>> Signed-off-by: George Dunlap <george.dunlap@citrix.com>
>> 
>> Shouldn't we also explicitly exclude tool stack disaggregation here,
>> with reference to XSA-77?
> 
> Well in this document, we already consider XSM "experimental"; that
> would seem to subsume the specific exclusions listed in XSA-77.
> 
> I've modified the "XSM & FLASK" as below; let me know what you think.
> 
> The other option would be to make separate entries for specific uses of
> XSM (i.e., "for simple domain restriction" vs "for domain disaggregation").
> 
>  -George
> 
> 
> ### XSM & FLASK
> 
>     Status: Experimental
> 
> Compile time disabled.
> 
> Also note that using XSM
> to delegate various domain control hypercalls
> to particular other domains, rather than only permitting use by dom0,
> is also specifically excluded from security support for many hypercalls.
> Please see XSA-77 for more details.

That's fine with mel.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

  reply	other threads:[~2017-11-23 10:13 UTC|newest]

Thread overview: 90+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-13 15:41 [PATCH 01/16] Introduce skeleton SUPPORT.md George Dunlap
2017-11-13 15:41 ` [PATCH 02/16] SUPPORT.md: Add core functionality George Dunlap
2017-11-21  8:03   ` Jan Beulich
2017-11-21 10:36     ` George Dunlap
2017-11-21 11:34       ` Jan Beulich
2017-11-13 15:41 ` [PATCH 03/16] SUPPORT.md: Add some x86 features George Dunlap
2017-11-21  8:09   ` Jan Beulich
2017-11-21 10:42     ` George Dunlap
2017-11-21 11:35       ` Jan Beulich
2017-11-21 12:24         ` George Dunlap
2017-11-21 13:00           ` Jan Beulich
2017-11-21 12:32         ` Ian Jackson
2017-11-13 15:41 ` [PATCH 04/16] SUPPORT.md: Add core ARM features George Dunlap
2017-11-21  8:11   ` Jan Beulich
2017-11-21 10:45     ` George Dunlap
2017-11-21 10:59       ` Julien Grall
2017-11-21 11:37       ` Jan Beulich
2017-11-21 12:39         ` George Dunlap
2017-11-21 13:01           ` Jan Beulich
2017-11-13 15:41 ` [PATCH 05/16] SUPPORT.md: Toolstack core George Dunlap
2017-11-13 15:41 ` [PATCH 06/16] SUPPORT.md: Add scalability features George Dunlap
2017-11-16 15:19   ` Julien Grall
2017-11-16 15:30     ` George Dunlap
2017-11-21 16:43     ` George Dunlap
2017-11-21 17:31       ` Julien Grall
2017-11-21 17:51         ` George Dunlap
2017-11-21  8:16   ` Jan Beulich
2017-11-13 15:41 ` [PATCH 07/16] SUPPORT.md: Add virtual devices common to ARM and x86 George Dunlap
2017-11-21  8:29   ` Jan Beulich
2017-11-21  9:19     ` Paul Durrant
2017-11-21 10:56     ` George Dunlap
2017-11-21 11:41       ` Jan Beulich
2017-11-21 17:20         ` George Dunlap
2017-11-22 11:05           ` Jan Beulich
2017-11-22 16:16             ` George Dunlap
2017-11-21 17:35     ` George Dunlap
2017-11-22 11:07       ` Jan Beulich
2017-11-13 15:41 ` [PATCH 08/16] SUPPORT.md: Add x86-specific virtual hardware George Dunlap
2017-11-21  8:39   ` Jan Beulich
2017-11-21 18:02     ` George Dunlap
2017-11-22 11:11       ` Jan Beulich
2017-11-22 11:21         ` George Dunlap
2017-11-22 11:45         ` George Dunlap
2017-11-22 16:30         ` George Dunlap
2017-11-13 15:41 ` [PATCH 09/16] SUPPORT.md: Add ARM-specific " George Dunlap
2017-11-16 15:41   ` Julien Grall
2017-11-22 16:32     ` George Dunlap
2017-11-16 15:41   ` Julien Grall
2017-11-13 15:41 ` [PATCH 10/16] SUPPORT.md: Add Debugging, analysis, crash post-portem George Dunlap
2017-11-21  8:48   ` Jan Beulich
2017-11-21 18:19     ` George Dunlap
2017-11-21 19:05       ` Ian Jackson
2017-11-21 19:21         ` Andrew Cooper
2017-11-22 10:51           ` George Dunlap
2017-11-22 11:15       ` Jan Beulich
2017-11-22 17:06         ` George Dunlap
2017-11-13 15:41 ` [PATCH 11/16] SUPPORT.md: Add 'easy' HA / FT features George Dunlap
2017-11-21  8:49   ` Jan Beulich
2017-11-13 15:41 ` [PATCH 12/16] SUPPORT.md: Add Security-releated features George Dunlap
2017-11-16 16:23   ` Konrad Rzeszutek Wilk
2017-11-21  8:52   ` Jan Beulich
2017-11-22 17:13     ` George Dunlap
2017-11-23 10:13       ` Jan Beulich [this message]
2017-11-13 15:41 ` [PATCH 13/16] SUPPORT.md: Add secondary memory management features George Dunlap
2017-11-21  8:54   ` Jan Beulich
2017-11-21 19:55   ` Andrew Cooper
2017-11-22 17:15     ` George Dunlap
2017-11-23 10:35       ` Jan Beulich
2017-11-23 10:42         ` Olaf Hering
2017-11-23 11:55           ` Olaf Hering
2017-11-23 12:00             ` George Dunlap
2017-11-23 12:17               ` Andrew Cooper
2017-11-23 12:45                 ` Olaf Hering
2017-11-23 12:58                   ` Andrew Cooper
2017-11-23 17:58                     ` George Dunlap
2017-11-13 15:41 ` [PATCH 14/16] SUPPORT.md: Add statement on PCI passthrough George Dunlap
2017-11-14 13:25   ` Marek Marczykowski-Górecki
2017-11-22 17:18     ` George Dunlap
2017-11-16 15:43   ` Julien Grall
2017-11-22 18:58     ` George Dunlap
2017-11-22 19:05       ` Rich Persaud
2017-11-21  8:59   ` Jan Beulich
2017-11-22 17:20     ` George Dunlap
2017-11-13 15:41 ` [PATCH 15/16] SUPPORT.md: Add statement on migration RFC George Dunlap
2017-11-13 15:41 ` [PATCH 16/16] SUPPORT.md: Add limits RFC George Dunlap
2017-11-21  9:26   ` Jan Beulich
2017-11-22 18:01     ` George Dunlap
2017-11-23 10:33       ` Jan Beulich
2017-11-13 15:43 ` [PATCH 01/16] Introduce skeleton SUPPORT.md George Dunlap
2017-11-20 17:01 ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5A16AD6F0200007800191459@prv-mh.provo.novell.com \
    --to=jbeulich@suse.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=george.dunlap@citrix.com \
    --cc=ian.jackson@citrix.com \
    --cc=konrad.wilk@oracle.com \
    --cc=persaur@gmail.com \
    --cc=sstabellini@kernel.org \
    --cc=tamas.lengyel@zentific.com \
    --cc=tim@xen.org \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.