On Wed, Oct 30, 2019 at 12:01:18AM +0000, Edgecombe, Rick P wrote:
> On Tue, 2019-10-29 at 16:36 -0700, Kees Cook wrote:
> > On Thu, Oct 03, 2019 at 02:24:00PM -0700, Rick Edgecombe wrote:
> > > Add CONFIG_KVM_XO for supporting KVM based execute only memory.
> >
> > I would expect this config to be added earlier in the series so that the
> > code being added that depends on it can be incrementally build tested...
> >
> > (Also, if this is default=y, why have a Kconfig for it at all? Guests
> > need to know to use this already, yes?)
> >
> > -Kees
> Hmm, good point. One reason could be that this requires SPARSEMEM_VMEMMAP due to
> some pre-processor tricks that need a compile time known max physical address
> size. So maybe someone could want KVM_GUEST and !SPARSEMEM_VMEMMAP. I'm not
> sure.

Good point about the combination of other CONFIGs. All the more reason
to move it earlier, though.

-Kees

>
> > >
> > > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
> > > ---
> > > arch/x86/Kconfig | 13 +++++++++++++
> > > 1 file changed, 13 insertions(+)
> > >
> > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> > > index 222855cc0158..3a3af2a456e8 100644
> > > --- a/arch/x86/Kconfig
> > > +++ b/arch/x86/Kconfig
> > > @@ -802,6 +802,19 @@ config KVM_GUEST > > > underlying device model, the host provides the guest with > > > timing infrastructure such as time of day, and system time > > > > > > +config KVM_XO > > > + bool "Support for KVM based execute only virtual memory permissions" > > > + select DYNAMIC_PHYSICAL_MASK > > > + select SPARSEMEM_VMEMMAP > > > + depends on KVM_GUEST && X86_64 > > > + default y > > > + help > > > + This option enables support for execute only memory for KVM guests. If > > > + support from the underlying VMM is not detected at boot, this > > > + capability will automatically disable. > > > + > > > + If you are unsure how to answer this question, answer Y. > > > + > > > config PVH > > > bool "Support for running PVH guests" > > > ---help--- > > > -- > > > 2.17.1 > > > > > > > -- Kees Cook
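
Review bot: In the new KVM_XO entry, `select SPARSEMEM_VMEMMAP` combined with `default y` forces that memory model on every KVM_GUEST && X86_64 build unless the user explicitly turns KVM_XO off, and `select` sets a symbol without checking that symbol's own dependencies. Consider `depends on KVM_GUEST && X86_64 && SPARSEMEM_VMEMMAP` instead, so that a KVM_GUEST && !SPARSEMEM_VMEMMAP configuration simply does not offer the option. If the selects stay, the help text should say that enabling this option pulls in SPARSEMEM_VMEMMAP and DYNAMIC_PHYSICAL_MASK and why (the thread mentions a compile-time known max physical address size), since nothing in the entry explains it.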