Message ID | 1462162246-32413-2-git-send-email-cardoe@cardoe.com (mailing list archive) |
---|---|
State | New, archived |
On Sun, May 01, 2016 at 11:10:40PM -0500, Doug Goldstein wrote: > There are a number of debugging options for Xen so the idea is to have a > menu to group them all together. Enabling this menu item will also > disable NDEBUG which will result in more debug prints. This was > previously wired into the 'debug=y' command line option. > > Signed-off-by: Doug Goldstein <cardoe@cardoe.com> > --- > CC: Andrew Cooper <andrew.cooper3@citrix.com> > CC: George Dunlap <George.Dunlap@eu.citrix.com> > CC: Ian Jackson <ian.jackson@eu.citrix.com> > CC: Jan Beulich <jbeulich@suse.com> > CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > CC: Stefano Stabellini <sstabellini@kernel.org> > CC: Tim Deegan <tim@xen.org> > CC: Wei Liu <wei.liu2@citrix.com> > --- > xen/Kconfig | 2 ++ > xen/Kconfig.debug | 7 +++++++ > xen/include/xen/config.h | 4 ++++ > 3 files changed, 13 insertions(+) > create mode 100644 xen/Kconfig.debug > > diff --git a/xen/Kconfig b/xen/Kconfig > index fa8b27c..0fe7a1a 100644 > --- a/xen/Kconfig > +++ b/xen/Kconfig > @@ -26,3 +26,5 @@ config DEFCONFIG_LIST > config EXPERT > string > option env="XEN_CONFIG_EXPERT" > + > +source "Kconfig.debug" > diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug > new file mode 100644 > index 0000000..d14d758 > --- /dev/null > +++ b/xen/Kconfig.debug > @@ -0,0 +1,7 @@ > + > +menuconfig DEBUG > + bool "Debugging Options" > + ---help--- > + If you want to debug Xen say Y and select any additional debugging > + support options. This enables additional debugging through Xen > + and as a result enabling this option results in no security guarantees. Maybe that's because I'm not a native speaker, this doesn't sound right to me -- it implies debugging option makes xen insecure. I think you mean "results in no security support"? Wei. > diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h > index ef6e5ee..473c5e8 100644 > --- a/xen/include/xen/config.h > +++ b/xen/include/xen/config.h 
> @@ -81,4 +81,8 @@ > /* allow existing code to work with Kconfig variable */ > #define NR_CPUS CONFIG_NR_CPUS > > +#ifndef CONFIG_DEBUG > +#define NDEBUG > +#endif > + > #endif /* __XEN_CONFIG_H__ */ > -- > 2.7.3 >
On 02/05/2016 11:42, Wei Liu wrote: > On Sun, May 01, 2016 at 11:10:40PM -0500, Doug Goldstein wrote: >> There are a number of debugging options for Xen so the idea is to have a >> menu to group them all together. Enabling this menu item will also >> disable NDEBUG which will result in more debug prints. This was >> previously wired into the 'debug=y' command line option. >> >> Signed-off-by: Doug Goldstein <cardoe@cardoe.com> >> --- >> CC: Andrew Cooper <andrew.cooper3@citrix.com> >> CC: George Dunlap <George.Dunlap@eu.citrix.com> >> CC: Ian Jackson <ian.jackson@eu.citrix.com> >> CC: Jan Beulich <jbeulich@suse.com> >> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> >> CC: Stefano Stabellini <sstabellini@kernel.org> >> CC: Tim Deegan <tim@xen.org> >> CC: Wei Liu <wei.liu2@citrix.com> >> --- >> xen/Kconfig | 2 ++ >> xen/Kconfig.debug | 7 +++++++ >> xen/include/xen/config.h | 4 ++++ >> 3 files changed, 13 insertions(+) >> create mode 100644 xen/Kconfig.debug >> >> diff --git a/xen/Kconfig b/xen/Kconfig >> index fa8b27c..0fe7a1a 100644 >> --- a/xen/Kconfig >> +++ b/xen/Kconfig >> @@ -26,3 +26,5 @@ config DEFCONFIG_LIST >> config EXPERT >> string >> option env="XEN_CONFIG_EXPERT" >> + >> +source "Kconfig.debug" >> diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug >> new file mode 100644 >> index 0000000..d14d758 >> --- /dev/null >> +++ b/xen/Kconfig.debug 
>> @@ -0,0 +1,7 @@ >> + >> +menuconfig DEBUG >> + bool "Debugging Options" >> + ---help--- >> + If you want to debug Xen say Y and select any additional debugging >> + support options. This enables additional debugging through Xen >> + and as a result enabling this option results in no security guarantees. > Maybe that's because I'm not a native speaker, this doesn't sound right > to me -- it implies debugging option makes xen insecure. > > I think you mean "results in no security support"? Instead of mentioning security, I would simply say "Enabling this option is intended for development purposes only, and not for production use". There is already a statement saying that issues which only affect a debug hypervisor are not considered security relevant. ~Andrew
On 5/2/16 6:02 AM, Andrew Cooper wrote: > On 02/05/2016 11:42, Wei Liu wrote: >> On Sun, May 01, 2016 at 11:10:40PM -0500, Doug Goldstein wrote: >>> There are a number of debugging options for Xen so the idea is to have a >>> menu to group them all together. Enabling this menu item will also >>> disable NDEBUG which will result in more debug prints. This was >>> previously wired into the 'debug=y' command line option. >>> >>> Signed-off-by: Doug Goldstein <cardoe@cardoe.com> >>> --- >>> CC: Andrew Cooper <andrew.cooper3@citrix.com> >>> CC: George Dunlap <George.Dunlap@eu.citrix.com> >>> CC: Ian Jackson <ian.jackson@eu.citrix.com> >>> CC: Jan Beulich <jbeulich@suse.com> >>> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> >>> CC: Stefano Stabellini <sstabellini@kernel.org> >>> CC: Tim Deegan <tim@xen.org> >>> CC: Wei Liu <wei.liu2@citrix.com> >>> --- >>> xen/Kconfig | 2 ++ >>> xen/Kconfig.debug | 7 +++++++ >>> xen/include/xen/config.h | 4 ++++ >>> 3 files changed, 13 insertions(+) >>> create mode 100644 xen/Kconfig.debug >>> >>> diff --git a/xen/Kconfig b/xen/Kconfig >>> index fa8b27c..0fe7a1a 100644 >>> --- a/xen/Kconfig >>> +++ b/xen/Kconfig >>> @@ -26,3 +26,5 @@ config DEFCONFIG_LIST >>> config EXPERT >>> string >>> option env="XEN_CONFIG_EXPERT" >>> + >>> +source "Kconfig.debug" >>> diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug >>> new file mode 100644 >>> index 0000000..d14d758 >>> --- /dev/null >>> +++ b/xen/Kconfig.debug 
>>> @@ -0,0 +1,7 @@ >>> + >>> +menuconfig DEBUG >>> + bool "Debugging Options" >>> + ---help--- >>> + If you want to debug Xen say Y and select any additional debugging >>> + support options. This enables additional debugging through Xen >>> + and as a result enabling this option results in no security guarantees. >> Maybe that's because I'm not a native speaker, this doesn't sound right >> to me -- it implies debugging option makes xen insecure. >> >> I think you mean "results in no security support"? > > Instead of mentioning security, I would simply say "Enabling this option > is intended for development purposes only, and not for production use". > > There is already a statement saying that issues which only affect a > debug hypervisor are not considered security relevant. > > ~Andrew > Yeah that's better wording than what I've got. I'll update it. Thanks!
diff --git a/xen/Kconfig b/xen/Kconfig index fa8b27c..0fe7a1a 100644 --- a/xen/Kconfig +++ b/xen/Kconfig @@ -26,3 +26,5 @@ config DEFCONFIG_LIST config EXPERT string option env="XEN_CONFIG_EXPERT" + +source "Kconfig.debug" diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug new file mode 100644 index 0000000..d14d758 --- /dev/null +++ b/xen/Kconfig.debug @@ -0,0 +1,7 @@ + +menuconfig DEBUG + bool "Debugging Options" + ---help--- + If you want to debug Xen say Y and select any additional debugging + support options. This enables additional debugging through Xen + and as a result enabling this option results in no security guarantees. diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h index ef6e5ee..473c5e8 100644 --- a/xen/include/xen/config.h +++ b/xen/include/xen/config.h @@ -81,4 +81,8 @@ /* allow existing code to work with Kconfig variable */ #define NR_CPUS CONFIG_NR_CPUS +#ifndef CONFIG_DEBUG +#define NDEBUG +#endif + #endif /* __XEN_CONFIG_H__ */
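Review bot: In the xen/Kconfig.debug hunk, the last help line ("results in no security guarantees") reads as if enabling the option itself makes Xen insecure. The wording proposed in the thread, "Enabling this option is intended for development purposes only, and not for production use", states the intent without that implication. The entry also has no `default` line, so DEBUG is off unless someone selects it. Since the commit message says NDEBUG was previously driven by 'debug=y', the help text or commit message should say how a 'debug=y' build ends up with CONFIG_DEBUG set after this change. The new file also opens with an empty added line that can be dropped.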
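Review bot: The `#ifndef CONFIG_DEBUG` block added to xen/include/xen/config.h defines NDEBUG whenever CONFIG_DEBUG is unset, but the diffstat lists only three files, so whatever sets NDEBUG from 'debug=y' today is not removed by this patch. If that path still passes NDEBUG on the compiler command line, the two sources can disagree (assertions compiled out in a build the user asked to be a debug build) or produce a macro redefinition warning, because a command-line definition expands to 1 while `#define NDEBUG` expands to nothing. Either remove the old wiring in the same patch or guard the block with `#if !defined(CONFIG_DEBUG) && !defined(NDEBUG)`. The block also only takes effect for code that sees config.h before any header that tests NDEBUG, so a one-line comment stating that requirement, in the style of the NR_CPUS comment above it, would help.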
There are a number of debugging options for Xen so the idea is to have a
menu to group them all together. Enabling this menu item will also
disable NDEBUG which will result in more debug prints. This was
previously wired into the 'debug=y' command line option.

Signed-off-by: Doug Goldstein <cardoe@cardoe.com>

---

CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Ian Jackson <ian.jackson@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Tim Deegan <tim@xen.org>
CC: Wei Liu <wei.liu2@citrix.com>

---

 xen/Kconfig              | 2 ++
 xen/Kconfig.debug        | 7 +++++++
 xen/include/xen/config.h | 4 ++++
 3 files changed, 13 insertions(+)
 create mode 100644 xen/Kconfig.debug