From: Jan Beulich <jbeulich@suse.com>
To: George Dunlap <George.Dunlap@citrix.com>
Cc: "Jürgen Groß" <jgross@suse.com>,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Julien Grall" <julien@xen.org>, "Wei Liu" <wl@xen.org>,
"Andrew Cooper" <Andrew.Cooper3@citrix.com>,
"Ian Jackson" <Ian.Jackson@citrix.com>,
xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem
Date: Tue, 28 Apr 2020 09:20:36 +0200 [thread overview]
Message-ID: <fb0e92cc-102f-7f87-1ad6-f3ccce1eee60@suse.com> (raw)
In-Reply-To: <085E1F72-EC22-43D6-8F7E-EDC132CC787D@citrix.com>
On 27.04.2020 18:25, George Dunlap wrote:
> If Jan is OK with it simply being outside CONFIG_EXPERT, then great. But if he insists on some kind of testing for it to be outside of CONFIG_EXPERT, then again, the people who want it to be security supported should be the ones who do the work to make it happen.
I don't understand this part, I'm afraid: Without a config option,
the code is going to be security supported as long as it doesn't
get marked otherwise (experimental or what not). With an option
depending on EXPERT, what would become security unsupported is the
non-default (i.e. disabled) setting. There's not a whole lot to
test there, it's merely a formal consequence of our general rules.
(Of course, over time dependencies of other code may develop on
the information being available e.g. to Dom0 userland. Just like
there's Linux userland code assuming the kernel config is
available in certain ways [I don't necessarily mean the equivalent
of hypfs here], to then use it in what I'd call abusive ways in at
least some cases.)
Jan
next prev parent reply other threads:[~2020-04-28 7:21 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-02 15:46 [PATCH v7 00/12] Add hypervisor sysfs-like support Juergen Gross
2020-04-02 15:46 ` [PATCH v7 01/12] xen/vmx: let opt_ept_ad always reflect the current setting Juergen Gross
2020-04-03 14:05 ` Jan Beulich
2020-04-03 14:56 ` Jürgen Groß
2020-04-02 15:46 ` [PATCH v7 02/12] xen: add a generic way to include binary files as variables Juergen Gross
2020-04-02 15:46 ` [PATCH v7 03/12] docs: add feature document for Xen hypervisor sysfs-like support Juergen Gross
2020-04-27 13:55 ` George Dunlap
2020-05-07 11:17 ` Jürgen Groß
2020-04-02 15:46 ` [PATCH v7 04/12] xen: add basic hypervisor filesystem support Juergen Gross
2020-04-03 14:23 ` Jan Beulich
2020-04-03 15:05 ` Jürgen Groß
2020-04-03 15:31 ` Jan Beulich
2020-04-03 15:33 ` Jürgen Groß
2020-04-02 15:46 ` [PATCH v7 05/12] libs: add libxenhypfs Juergen Gross
2020-04-27 14:53 ` George Dunlap
2020-05-07 11:35 ` Jürgen Groß
2020-04-02 15:46 ` [PATCH v7 06/12] tools: add xenfs tool Juergen Gross
2020-04-02 15:46 ` [PATCH v7 07/12] xen: provide version information in hypfs Juergen Gross
2020-04-02 15:46 ` [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem Juergen Gross
2020-04-03 14:31 ` Jan Beulich
2020-04-03 15:12 ` Jürgen Groß
2020-04-03 15:33 ` Jan Beulich
2020-04-03 15:45 ` Jürgen Groß
2020-04-06 12:29 ` Jan Beulich
2020-04-27 15:40 ` Jürgen Groß
2020-04-27 16:25 ` George Dunlap
2020-04-28 7:20 ` Jan Beulich [this message]
2020-04-28 8:24 ` George Dunlap
2020-04-28 8:39 ` Jan Beulich
2020-04-28 9:43 ` Julien Grall
2020-04-28 9:59 ` Jan Beulich
2020-04-28 10:06 ` Julien Grall
2020-04-28 11:23 ` George Dunlap
2020-04-28 11:30 ` Jürgen Groß
2020-04-02 15:46 ` [PATCH v7 09/12] xen: add runtime parameter access support to hypfs Juergen Gross
2020-04-03 14:51 ` Jan Beulich
2020-04-03 15:31 ` Jürgen Groß
2020-04-14 9:29 ` Julien Grall
2020-04-14 9:31 ` Jan Beulich
2020-04-14 9:45 ` Julien Grall
2020-04-14 9:50 ` Jan Beulich
2020-04-14 10:38 ` Julien Grall
2020-04-02 15:46 ` [PATCH v7 10/12] tools/libxl: use libxenhypfs for setting xen runtime parameters Juergen Gross
2020-04-02 15:46 ` [PATCH v7 11/12] tools/libxc: remove xc_set_parameters() Juergen Gross
2020-04-02 15:46 ` [PATCH v7 12/12] xen: remove XEN_SYSCTL_set_parameter support Juergen Gross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fb0e92cc-102f-7f87-1ad6-f3ccce1eee60@suse.com \
--to=jbeulich@suse.com \
--cc=Andrew.Cooper3@citrix.com \
--cc=George.Dunlap@citrix.com \
--cc=Ian.Jackson@citrix.com \
--cc=jgross@suse.com \
--cc=julien@xen.org \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).