On Tue, 2019-10-29 at 16:36 -0700, Kees Cook wrote: > On Thu, Oct 03, 2019 at 02:24:00PM -0700, Rick Edgecombe wrote: > > Add CONFIG_KVM_XO for supporting KVM based execute only memory. > > I would expect this config to be added earlier in the series so that the > code being added that depends on it can be incrementally build tested... > > (Also, if this is default=y, why have a Kconfig for it at all? Guests > need to know to use this already, yes?) > > -Kees Hmm, good point. One reason could be that this requires SPARSEMEM_VMEMMAP due to some pre-processor tricks that need a compile time known max physical address size. So maybe someone could want KVM_GUEST and !SPARSEMEM_VMEMMAP. I'm not sure. > > > > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx> > > --- > > arch/x86/Kconfig | 13 +++++++++++++ > > 1 file changed, 13 insertions(+) > > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > > index 222855cc0158..3a3af2a456e8 100644 > > --- a/arch/x86/Kconfig > > +++ b/arch/x86/Kconfig > > @@ -802,6 +802,19 @@ config KVM_GUEST > > underlying device model, the host provides the guest with > > timing infrastructure such as time of day, and system time > > > > +config KVM_XO > > + bool "Support for KVM based execute only virtual memory permissions" > > + select DYNAMIC_PHYSICAL_MASK > > + select SPARSEMEM_VMEMMAP > > + depends on KVM_GUEST && X86_64 > > + default y > > + help > > + This option enables support for execute only memory for KVM guests. If > > + support from the underlying VMM is not detected at boot, this > > + capability will automatically disable. > > + > > + If you are unsure how to answer this question, answer Y. > > + > > config PVH > > bool "Support for running PVH guests" > > ---help--- > > -- > > 2.17.1 > > > >
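Review bot: In the new KVM_XO entry, `select SPARSEMEM_VMEMMAP` combined with `default y` forces that memory model on for every KVM_GUEST && X86_64 configuration, and `select` does not honour the selected symbol's own dependencies. Consider `depends on SPARSEMEM_VMEMMAP` instead so the option is simply unavailable where the memory model differs. If the select stays, the help text should say why it is required; the reply above gives the reason as a compile-time known max physical address size, but nothing in the entry records it. The same applies to `select DYNAMIC_PHYSICAL_MASK`, which has no stated rationale in the hunk. The help text says the capability "will automatically disable" when VMM support is not detected at boot; it would help to state that the guest then falls back to ordinary permissions, so someone reading only Kconfig does not assume execute-only protection is in force whenever the option is set.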