
[PATCH v2 3/3] x86/Kconfig: introduce option to select retpoline usage


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Date: Wed, 16 Feb 2022 17:21:42 +0100
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Wed, 16 Feb 2022 16:22:13 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Add a new Kconfig option under the "Speculative hardening" section
that allows selecting whether to enable retpoline. This depends on the
underlying compiler having retpoline support.

Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
Changes since v1:
 - Fix description of option to use indirect branches instead of
   indirect calls.
---
 xen/arch/x86/Kconfig |  4 ----
 xen/arch/x86/arch.mk |  2 ++
 xen/common/Kconfig   | 16 ++++++++++++++++
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 2fa456292b..7c73802adc 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -38,10 +38,6 @@ config GCC_INDIRECT_THUNK
 config CLANG_INDIRECT_THUNK
        def_bool $(cc-option,-mretpoline-external-thunk)
 
-config INDIRECT_THUNK
-       def_bool y
-       depends on GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK
-
 config HAS_AS_CET_SS
        # binutils >= 2.29 or LLVM >= 6
        def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
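Review bot: dropping this `def_bool y` changes INDIRECT_THUNK from a symbol that tracked compiler support alone into one a user can set to n on a toolchain that does support thunks (the replacement in common/Kconfig is a visible `bool` with `default y`). Any existing consumer of CONFIG_INDIRECT_THUNK that assumed "compiler can do retpolines" implies "retpolines are in use" should be re-checked, and the commit message would benefit from a sentence saying that was done.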
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index f2aa2a515f..0597e714f9 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -42,6 +42,7 @@ CFLAGS += -mno-red-zone -fpic
 # SSE setup for variadic function calls.
 CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup)
 
+ifeq ($(CONFIG_INDIRECT_THUNK),y)
 # Compile with gcc thunk-extern, indirect-branch-register if available.
 CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK) += -mindirect-branch=thunk-extern
 CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK) += -mindirect-branch-register
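Review bot: a one-line comment above `ifeq ($(CONFIG_INDIRECT_THUNK),y)` would help future readers. It is not obvious why an outer guard is needed on top of the existing `CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK)` conditionals; the reason is that GCC_INDIRECT_THUNK and CLANG_INDIRECT_THUNK remain pure cc-option probes (still `def_bool` in x86/Kconfig) and so stay y even when the user answers n to the new option.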
@@ -49,6 +50,7 @@ CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK) += -fno-jump-tables
 
 # Enable clang retpoline support if available.
 CFLAGS-$(CONFIG_CLANG_INDIRECT_THUNK) += -mretpoline-external-thunk
+endif
 
 # If supported by the compiler, reduce stack alignment to 8 bytes. But allow
 # this to be overridden elsewhere.
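Review bot: the `endif` is placed after the clang line, so `-fno-jump-tables` (visible in this hunk's header) is gated as well, which is the right grouping since that flag only exists to keep switch statements from emitting the indirect jumps that retpolines are meant to cover. Worth a brief mention in the commit message that a build with INDIRECT_THUNK=n now also re-enables jump tables.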
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index db687b1785..e688e45513 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -146,6 +146,22 @@ config SPECULATIVE_HARDEN_GUEST_ACCESS
 
          If unsure, say Y.
 
+config INDIRECT_THUNK
+       bool "Speculative Branch Target Injection Protection"
+       depends on X86 && (GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK)
+       default y
+       help
+         Contemporary processors may use speculative execution as a
+         performance optimisation, but this can potentially be abused by an
+         attacker to leak data via speculative sidechannels.
+
+         One source of data leakage is via branch target injection.
+
+         When enabled, indirect branches are implemented using a new construct
+         called "retpoline" that prevents speculation.
+
+         If unsure, say Y.
+
 endmenu
 
 config HYPFS
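Review bot: a few wording points in the help text. "a new construct called "retpoline"" will age poorly; "a construct called "retpoline"" reads better. "sidechannels" should be "side channels". Since the `depends on` line hides the option entirely on toolchains without thunk support, a user who sees the prompt can always enable it, so the help could also say what answering n does (the compiler's retpoline flags are dropped from CFLAGS). Finally, the sibling options in this menu use the SPECULATIVE_HARDEN_ prefix (SPECULATIVE_HARDEN_GUEST_ACCESS is in the hunk header); if INDIRECT_THUNK is kept for compatibility with existing users of CONFIG_INDIRECT_THUNK, saying so in the commit message would pre-empt the question.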
-- 
2.34.1