[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 3/3] x86/Kconfig: introduce option to select retpoline usage
- To: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Thu, 17 Feb 2022 10:07:32 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ktT5ySOkV2vsUa2J2WMDpKrja6GG5Cten5+0rHeuU1A=; b=e4BAZCiAfbmsUvB6QXP8hgFsynkfR/l0m+FI/vqOOLRV0OVoZdhGGtYajT18YMoT2xESy68BTlSAon5COcxHkHMxeLPibGAkPIB2i09H85vZ9kDKgGHJC6Hw3bUCN/Wzf2LEJnZcFY4ReMeTMC82z7/Dy5ILXxob/sMIwsZrq0wDngsSjt+rlshwbSfTX6CZUAPxTZjU5ZnXVtgE7h3/CSJx8LX7zxyryosyiifH+UdKgl0uXFZe40bwpAtk7Lr27va6ezzb0d8klQ0LB2FwF8QW3CWkcysPv7fYS/Gh9RL+A3sFtPrjK5I2Wkziu6O9vTc8SC5jQLMK+XMEF8T5MQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mjfnYvqna72/HdXYEDsZy16Z7H8AA3lWlGvKenld8wymHpAB8kbug3kvkIqBTFXbLii6MIVO1j2a8sL3eFsoFtE/0JgoHHAPbYX1skJplRWpDOIx+yvUuAJsecmSMYyoZLZvXOOx6zF8MbDvGe0lmL1vqMBayu84e2vK/egCDtdifMRNIkW3ur3oSv2BmgyS3CU5kSNSUvormwk0iFD72Df+2UdJQHRX30CcseU8yGUaXN5jtlVHc6D2k1EnuUPpZbDNIyiVJmFJyUkJXvVhhSTNpOm2ZpE/Ipfa4/ycKqiaa6yPDN+HJFJby7bXOG556ydxdaR87UoIRwsiHSKZGg==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Thu, 17 Feb 2022 09:07:40 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 16.02.2022 17:21, Roger Pau Monne wrote:
> Add a new Kconfig option under the "Speculative hardening" section
> that allows selecting whether to enable retpoline. This depends on the
> underlying compiler having retpoline support.
>
> Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
There's one aspect though which I would like to see Arm maintainer
input on:
> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -38,10 +38,6 @@ config GCC_INDIRECT_THUNK
> config CLANG_INDIRECT_THUNK
> def_bool $(cc-option,-mretpoline-external-thunk)
>
> -config INDIRECT_THUNK
> - def_bool y
> - depends on GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK
Moving this ...
> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -146,6 +146,22 @@ config SPECULATIVE_HARDEN_GUEST_ACCESS
>
> If unsure, say Y.
>
> +config INDIRECT_THUNK
> + bool "Speculative Branch Target Injection Protection"
> + depends on X86 && (GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK)
... here despite being explicitly marked x86-specific looks a
little odd. Since the dependencies are x86-specific, dropping
X86 from here would make my slight concern go away.
Jan
|