Re: [Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig
On 5/2/16 6:02 AM, Andrew Cooper wrote: > On 02/05/2016 11:42, Wei Liu wrote: >> On Sun, May 01, 2016 at 11:10:40PM -0500, Doug Goldstein wrote: >>> There are a number of debugging options for Xen so the idea is to have a >>> menu to group them all together. Enabling this menu item will also >>> disable NDEBUG which will result in more debug prints. This was >>> previously wired into the 'debug=y' command line option. >>> >>> Signed-off-by: Doug Goldstein>>> --- >>> CC: Andrew Cooper >>> CC: George Dunlap >>> CC: Ian Jackson >>> CC: Jan Beulich >>> CC: Konrad Rzeszutek Wilk >>> CC: Stefano Stabellini >>> CC: Tim Deegan >>> CC: Wei Liu >>> --- >>> xen/Kconfig | 2 ++ >>> xen/Kconfig.debug| 7 +++ >>> xen/include/xen/config.h | 4 >>> 3 files changed, 13 insertions(+) >>> create mode 100644 xen/Kconfig.debug >>> >>> diff --git a/xen/Kconfig b/xen/Kconfig >>> index fa8b27c..0fe7a1a 100644 >>> --- a/xen/Kconfig >>> +++ b/xen/Kconfig >>> @@ -26,3 +26,5 @@ config DEFCONFIG_LIST >>> config EXPERT >>> string >>> option env="XEN_CONFIG_EXPERT" >>> + >>> +source "Kconfig.debug" >>> diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug >>> new file mode 100644 >>> index 000..d14d758 >>> --- /dev/null >>> +++ b/xen/Kconfig.debug >>> @@ -0,0 +1,7 @@ >>> + >>> +menuconfig DEBUG >>> + bool "Debugging Options" >>> + ---help--- >>> + If you want to debug Xen say Y and select any additional debugging >>> + support options. This enables additional debugging through Xen >>> + and as a result enabling this option results in no security >>> guarantees. >> Maybe that's because I'm not a native speaker, this doesn't sound right >> to me -- it implies debugging option makes xen insecure. >> >> I think you mean "results in no security support"? > > Instead of mentioning security, I would simply say "Enabling this option > is intended for development purposes only, and not for production use". > > There is already a statement saying that issues which only affect a > debug hypervisor are not considered security relevant. > > ~Andrew > Yeah that's better wording than what I've got. I'll update it. Thanks! -- Doug Goldstein signature.asc Description: OpenPGP digital signature ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig
On 02/05/2016 11:42, Wei Liu wrote: > On Sun, May 01, 2016 at 11:10:40PM -0500, Doug Goldstein wrote: >> There are a number of debugging options for Xen so the idea is to have a >> menu to group them all together. Enabling this menu item will also >> disable NDEBUG which will result in more debug prints. This was >> previously wired into the 'debug=y' command line option. >> >> Signed-off-by: Doug Goldstein>> --- >> CC: Andrew Cooper >> CC: George Dunlap >> CC: Ian Jackson >> CC: Jan Beulich >> CC: Konrad Rzeszutek Wilk >> CC: Stefano Stabellini >> CC: Tim Deegan >> CC: Wei Liu >> --- >> xen/Kconfig | 2 ++ >> xen/Kconfig.debug| 7 +++ >> xen/include/xen/config.h | 4 >> 3 files changed, 13 insertions(+) >> create mode 100644 xen/Kconfig.debug >> >> diff --git a/xen/Kconfig b/xen/Kconfig >> index fa8b27c..0fe7a1a 100644 >> --- a/xen/Kconfig >> +++ b/xen/Kconfig >> @@ -26,3 +26,5 @@ config DEFCONFIG_LIST >> config EXPERT >> string >> option env="XEN_CONFIG_EXPERT" >> + >> +source "Kconfig.debug" >> diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug >> new file mode 100644 >> index 000..d14d758 >> --- /dev/null >> +++ b/xen/Kconfig.debug >> @@ -0,0 +1,7 @@ >> + >> +menuconfig DEBUG >> +bool "Debugging Options" >> +---help--- >> + If you want to debug Xen say Y and select any additional debugging >> + support options. This enables additional debugging through Xen >> + and as a result enabling this option results in no security >> guarantees. > Maybe that's because I'm not a native speaker, this doesn't sound right > to me -- it implies debugging option makes xen insecure. > > I think you mean "results in no security support"? Instead of mentioning security, I would simply say "Enabling this option is intended for development purposes only, and not for production use". There is already a statement saying that issues which only affect a debug hypervisor are not considered security relevant. ~Andrew ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig
On Sun, May 01, 2016 at 11:10:40PM -0500, Doug Goldstein wrote: > There are a number of debugging options for Xen so the idea is to have a > menu to group them all together. Enabling this menu item will also > disable NDEBUG which will result in more debug prints. This was > previously wired into the 'debug=y' command line option. > > Signed-off-by: Doug Goldstein> --- > CC: Andrew Cooper > CC: George Dunlap > CC: Ian Jackson > CC: Jan Beulich > CC: Konrad Rzeszutek Wilk > CC: Stefano Stabellini > CC: Tim Deegan > CC: Wei Liu > --- > xen/Kconfig | 2 ++ > xen/Kconfig.debug| 7 +++ > xen/include/xen/config.h | 4 > 3 files changed, 13 insertions(+) > create mode 100644 xen/Kconfig.debug > > diff --git a/xen/Kconfig b/xen/Kconfig > index fa8b27c..0fe7a1a 100644 > --- a/xen/Kconfig > +++ b/xen/Kconfig > @@ -26,3 +26,5 @@ config DEFCONFIG_LIST > config EXPERT > string > option env="XEN_CONFIG_EXPERT" > + > +source "Kconfig.debug" > diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug > new file mode 100644 > index 000..d14d758 > --- /dev/null > +++ b/xen/Kconfig.debug > @@ -0,0 +1,7 @@ > + > +menuconfig DEBUG > + bool "Debugging Options" > + ---help--- > + If you want to debug Xen say Y and select any additional debugging > + support options. This enables additional debugging through Xen > + and as a result enabling this option results in no security > guarantees. Maybe that's because I'm not a native speaker, this doesn't sound right to me -- it implies debugging option makes xen insecure. I think you mean "results in no security support"? Wei. > diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h > index ef6e5ee..473c5e8 100644 > --- a/xen/include/xen/config.h > +++ b/xen/include/xen/config.h > @@ -81,4 +81,8 @@ > /* allow existing code to work with Kconfig variable */ > #define NR_CPUS CONFIG_NR_CPUS > > +#ifndef CONFIG_DEBUG > +#define NDEBUG > +#endif > + > #endif /* __XEN_CONFIG_H__ */ > -- > 2.7.3 > ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
[Xen-devel] [RFC PATCH 1/7] build: add debug menu to Kconfig
There are a number of debugging options for Xen so the idea is to have a menu to group them all together. Enabling this menu item will also disable NDEBUG which will result in more debug prints. This was previously wired into the 'debug=y' command line option. Signed-off-by: Doug Goldstein--- CC: Andrew Cooper CC: George Dunlap CC: Ian Jackson CC: Jan Beulich CC: Konrad Rzeszutek Wilk CC: Stefano Stabellini CC: Tim Deegan CC: Wei Liu --- xen/Kconfig | 2 ++ xen/Kconfig.debug| 7 +++ xen/include/xen/config.h | 4 3 files changed, 13 insertions(+) create mode 100644 xen/Kconfig.debug diff --git a/xen/Kconfig b/xen/Kconfig index fa8b27c..0fe7a1a 100644 --- a/xen/Kconfig +++ b/xen/Kconfig @@ -26,3 +26,5 @@ config DEFCONFIG_LIST config EXPERT string option env="XEN_CONFIG_EXPERT" + +source "Kconfig.debug" diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug new file mode 100644 index 000..d14d758 --- /dev/null +++ b/xen/Kconfig.debug @@ -0,0 +1,7 @@ + +menuconfig DEBUG + bool "Debugging Options" + ---help--- + If you want to debug Xen say Y and select any additional debugging + support options. This enables additional debugging through Xen + and as a result enabling this option results in no security guarantees. diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h index ef6e5ee..473c5e8 100644 --- a/xen/include/xen/config.h +++ b/xen/include/xen/config.h @@ -81,4 +81,8 @@ /* allow existing code to work with Kconfig variable */ #define NR_CPUS CONFIG_NR_CPUS +#ifndef CONFIG_DEBUG +#define NDEBUG +#endif + #endif /* __XEN_CONFIG_H__ */ -- 2.7.3 ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel