subject:"\[Xen\-devel\] \[RFC PATCH 1\/7\] build\: add debug menu to Kconfig"

Re: [Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig

2016-05-02 Thread Doug Goldstein

On 5/2/16 6:02 AM, Andrew Cooper wrote:
> On 02/05/2016 11:42, Wei Liu wrote:
>> On Sun, May 01, 2016 at 11:10:40PM -0500, Doug Goldstein wrote:
>>> There are a number of debugging options for Xen so the idea is to have a
>>> menu to group them all together. Enabling this menu item will also
>>> disable NDEBUG which will result in more debug prints. This was
>>> previously wired into the 'debug=y' command line option.
>>>
>>> Signed-off-by: Doug Goldstein 
>>> ---
>>> CC: Andrew Cooper 
>>> CC: George Dunlap 
>>> CC: Ian Jackson 
>>> CC: Jan Beulich 
>>> CC: Konrad Rzeszutek Wilk 
>>> CC: Stefano Stabellini 
>>> CC: Tim Deegan 
>>> CC: Wei Liu 
>>> ---
>>>  xen/Kconfig  | 2 ++
>>>  xen/Kconfig.debug| 7 +++
>>>  xen/include/xen/config.h | 4 
>>>  3 files changed, 13 insertions(+)
>>>  create mode 100644 xen/Kconfig.debug
>>>
>>> diff --git a/xen/Kconfig b/xen/Kconfig
>>> index fa8b27c..0fe7a1a 100644
>>> --- a/xen/Kconfig
>>> +++ b/xen/Kconfig
>>> @@ -26,3 +26,5 @@ config DEFCONFIG_LIST
>>>  config EXPERT
>>> string
>>> option env="XEN_CONFIG_EXPERT"
>>> +
>>> +source "Kconfig.debug"
>>> diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
>>> new file mode 100644
>>> index 000..d14d758
>>> --- /dev/null
>>> +++ b/xen/Kconfig.debug
>>> @@ -0,0 +1,7 @@
>>> +
>>> +menuconfig DEBUG
>>> +   bool "Debugging Options"
>>> +   ---help---
>>> + If you want to debug Xen say Y and select any additional debugging
>>> + support options. This enables additional debugging through Xen
>>> + and as a result enabling this option results in no security 
>>> guarantees.
>> Maybe that's because I'm not a native speaker, this doesn't sound right
>> to me -- it implies debugging option makes xen insecure.
>>
>> I think you mean "results in no security support"?
> 
> Instead of mentioning security, I would simply say "Enabling this option
> is intended for development purposes only, and not for production use".
> 
> There is already a statement saying that issues which only affect a
> debug hypervisor are not considered security relevant.
> 
> ~Andrew
> 

Yeah that's better wording than what I've got. I'll update it. Thanks!

-- 
Doug Goldstein



signature.asc
Description: OpenPGP digital signature
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig

2016-05-02 Thread Andrew Cooper

On 02/05/2016 11:42, Wei Liu wrote:
> On Sun, May 01, 2016 at 11:10:40PM -0500, Doug Goldstein wrote:
>> There are a number of debugging options for Xen so the idea is to have a
>> menu to group them all together. Enabling this menu item will also
>> disable NDEBUG which will result in more debug prints. This was
>> previously wired into the 'debug=y' command line option.
>>
>> Signed-off-by: Doug Goldstein 
>> ---
>> CC: Andrew Cooper 
>> CC: George Dunlap 
>> CC: Ian Jackson 
>> CC: Jan Beulich 
>> CC: Konrad Rzeszutek Wilk 
>> CC: Stefano Stabellini 
>> CC: Tim Deegan 
>> CC: Wei Liu 
>> ---
>>  xen/Kconfig  | 2 ++
>>  xen/Kconfig.debug| 7 +++
>>  xen/include/xen/config.h | 4 
>>  3 files changed, 13 insertions(+)
>>  create mode 100644 xen/Kconfig.debug
>>
>> diff --git a/xen/Kconfig b/xen/Kconfig
>> index fa8b27c..0fe7a1a 100644
>> --- a/xen/Kconfig
>> +++ b/xen/Kconfig
>> @@ -26,3 +26,5 @@ config DEFCONFIG_LIST
>>  config EXPERT
>>  string
>>  option env="XEN_CONFIG_EXPERT"
>> +
>> +source "Kconfig.debug"
>> diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
>> new file mode 100644
>> index 000..d14d758
>> --- /dev/null
>> +++ b/xen/Kconfig.debug
>> @@ -0,0 +1,7 @@
>> +
>> +menuconfig DEBUG
>> +bool "Debugging Options"
>> +---help---
>> +  If you want to debug Xen say Y and select any additional debugging
>> +  support options. This enables additional debugging through Xen
>> +  and as a result enabling this option results in no security 
>> guarantees.
> Maybe that's because I'm not a native speaker, this doesn't sound right
> to me -- it implies debugging option makes xen insecure.
>
> I think you mean "results in no security support"?

Instead of mentioning security, I would simply say "Enabling this option
is intended for development purposes only, and not for production use".

There is already a statement saying that issues which only affect a
debug hypervisor are not considered security relevant.

~Andrew

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig

2016-05-02 Thread Wei Liu

On Sun, May 01, 2016 at 11:10:40PM -0500, Doug Goldstein wrote:
> There are a number of debugging options for Xen so the idea is to have a
> menu to group them all together. Enabling this menu item will also
> disable NDEBUG which will result in more debug prints. This was
> previously wired into the 'debug=y' command line option.
> 
> Signed-off-by: Doug Goldstein 
> ---
> CC: Andrew Cooper 
> CC: George Dunlap 
> CC: Ian Jackson 
> CC: Jan Beulich 
> CC: Konrad Rzeszutek Wilk 
> CC: Stefano Stabellini 
> CC: Tim Deegan 
> CC: Wei Liu 
> ---
>  xen/Kconfig  | 2 ++
>  xen/Kconfig.debug| 7 +++
>  xen/include/xen/config.h | 4 
>  3 files changed, 13 insertions(+)
>  create mode 100644 xen/Kconfig.debug
> 
> diff --git a/xen/Kconfig b/xen/Kconfig
> index fa8b27c..0fe7a1a 100644
> --- a/xen/Kconfig
> +++ b/xen/Kconfig
> @@ -26,3 +26,5 @@ config DEFCONFIG_LIST
>  config EXPERT
>   string
>   option env="XEN_CONFIG_EXPERT"
> +
> +source "Kconfig.debug"
> diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
> new file mode 100644
> index 000..d14d758
> --- /dev/null
> +++ b/xen/Kconfig.debug
> @@ -0,0 +1,7 @@
> +
> +menuconfig DEBUG
> + bool "Debugging Options"
> + ---help---
> +   If you want to debug Xen say Y and select any additional debugging
> +   support options. This enables additional debugging through Xen
> +   and as a result enabling this option results in no security 
> guarantees.

Maybe that's because I'm not a native speaker, this doesn't sound right
to me -- it implies debugging option makes xen insecure.

I think you mean "results in no security support"?

Wei.

> diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
> index ef6e5ee..473c5e8 100644
> --- a/xen/include/xen/config.h
> +++ b/xen/include/xen/config.h
> @@ -81,4 +81,8 @@
>  /* allow existing code to work with Kconfig variable */
>  #define NR_CPUS CONFIG_NR_CPUS
>  
> +#ifndef CONFIG_DEBUG
> +#define NDEBUG
> +#endif
> +
>  #endif /* __XEN_CONFIG_H__ */
> -- 
> 2.7.3
> 

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

[Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig

2016-05-01 Thread Doug Goldstein

There are a number of debugging options for Xen so the idea is to have a
menu to group them all together. Enabling this menu item will also
disable NDEBUG which will result in more debug prints. This was
previously wired into the 'debug=y' command line option.

Signed-off-by: Doug Goldstein 
---
CC: Andrew Cooper 
CC: George Dunlap 
CC: Ian Jackson 
CC: Jan Beulich 
CC: Konrad Rzeszutek Wilk 
CC: Stefano Stabellini 
CC: Tim Deegan 
CC: Wei Liu 
---
 xen/Kconfig  | 2 ++
 xen/Kconfig.debug| 7 +++
 xen/include/xen/config.h | 4 
 3 files changed, 13 insertions(+)
 create mode 100644 xen/Kconfig.debug

diff --git a/xen/Kconfig b/xen/Kconfig
index fa8b27c..0fe7a1a 100644
--- a/xen/Kconfig
+++ b/xen/Kconfig
@@ -26,3 +26,5 @@ config DEFCONFIG_LIST
 config EXPERT
string
option env="XEN_CONFIG_EXPERT"
+
+source "Kconfig.debug"
diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
new file mode 100644
index 000..d14d758
--- /dev/null
+++ b/xen/Kconfig.debug
@@ -0,0 +1,7 @@
+
+menuconfig DEBUG
+   bool "Debugging Options"
+   ---help---
+ If you want to debug Xen say Y and select any additional debugging
+ support options. This enables additional debugging through Xen
+ and as a result enabling this option results in no security 
guarantees.
diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
index ef6e5ee..473c5e8 100644
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -81,4 +81,8 @@
 /* allow existing code to work with Kconfig variable */
 #define NR_CPUS CONFIG_NR_CPUS
 
+#ifndef CONFIG_DEBUG
+#define NDEBUG
+#endif
+
 #endif /* __XEN_CONFIG_H__ */
-- 
2.7.3


___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig

Re: [Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig

Re: [Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig

[Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig

4 matches

Site Navigation

Mail list logo

Footer information