On 15/08/2025 12:21 pm, Andrew Cooper wrote: > On 15/08/2025 11:23 am, Sergiy Kibrik wrote: >> diff --git a/docs/misc/xen-command-line.pandoc >> b/docs/misc/xen-command-line.pandoc >> index a75b6c9301..9044827e78 100644 >> --- a/docs/misc/xen-command-line.pandoc >> +++ b/docs/misc/xen-command-line.pandoc >> @@ -238,6 +238,15 @@ loops for Queued Invalidation completions.** >> Specify a maximum amount of available memory, to which Xen will clamp >> the e820 table. >> >> +### avc_prealloc >> +> `= <boolean>` >> + >> +> Default: `false` >> + >> +Allocate XSM Access Vector Cache at boot. This forbids runtime dynamic >> +allocation of AVC nodes from Xen heap and changing AVC size via >> +FLASK_SETAVC_THRESHOLD hypercall. > I don't have any input on memory allocation side of things, but this > needs to be a sub-option under the existing flask=, and it looks like > you're going to need to turn it into a comma separated list. > > Also, if you actually want to use Flask in a safety system, Flask needs > to become security supported in Xen.
Sorry, sent a little too early. x86's dom0= is probably the closes good example to follow, having both comma separated booleans and a choice-of-$N. ~Andrew
