>>> On 22.11.17 at 18:13, <george.dun...@citrix.com> wrote:
> On 11/21/2017 08:52 AM, Jan Beulich wrote:
>>>>> On 13.11.17 at 16:41, <george.dun...@citrix.com> wrote:
>>> With the exception of driver domains, which depend on PCI passthrough,
>>> and will be introduced later.
>>>
>>> Signed-off-by: George Dunlap <george.dun...@citrix.com>
>> 
>> Shouldn't we also explicitly exclude tool stack disaggregation here,
>> with reference to XSA-77?
> 
> Well in this document, we already consider XSM "experimental"; that
> would seem to subsume the specific exclusions listed in XSA-77.
> 
> I've modified the "XSM & FLASK" as below; let me know what you think.
> 
> The other option would be to make separate entries for specific uses of
> XSM (i.e., "for simple domain restriction" vs "for domain disaggregation").
> 
>  -George
> 
> 
> ### XSM & FLASK
> 
>     Status: Experimental
> 
> Compile time disabled.
> 
> Also note that using XSM
> to delegate various domain control hypercalls
> to particular other domains, rather than only permitting use by dom0,
> is also specifically excluded from security support for many hypercalls.
> Please see XSA-77 for more details.

That's fine with me.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
