On 15/08/2025 11:23 am, Sergiy Kibrik wrote: > diff --git a/docs/misc/xen-command-line.pandoc > b/docs/misc/xen-command-line.pandoc > index a75b6c9301..9044827e78 100644 > --- a/docs/misc/xen-command-line.pandoc > +++ b/docs/misc/xen-command-line.pandoc > @@ -238,6 +238,15 @@ loops for Queued Invalidation completions.** > Specify a maximum amount of available memory, to which Xen will clamp > the e820 table. > > +### avc_prealloc > +> `= <boolean>` > + > +> Default: `false` > + > +Allocate XSM Access Vector Cache at boot. This forbids runtime dynamic > +allocation of AVC nodes from Xen heap and changing AVC size via > +FLASK_SETAVC_THRESHOLD hypercall.
I don't have any input on memory allocation side of things, but this needs to be a sub-option under the existing flask=, and it looks like you're going to need to turn it into a comma separated list. Also, if you actually want to use Flask in a safety system, Flask needs to become security supported in Xen. ~Andrew
