 Re: [PATCH v2 3/3] x86/Kconfig: introduce option to select retpoline usage
 
To: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Thu, 17 Feb 2022 10:07:32 +0100
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 17 Feb 2022 09:07:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
 On 16.02.2022 17:21, Roger Pau Monne wrote:
> Add a new Kconfig option under the "Speculative hardening" section
> that allows selecting whether to enable retpoline. This depends on the
> underlying compiler having retpoline support.
> 
> Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
There's one aspect though which I would like to see Arm maintainer
input on:
> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -38,10 +38,6 @@ config GCC_INDIRECT_THUNK
>  config CLANG_INDIRECT_THUNK
>       def_bool $(cc-option,-mretpoline-external-thunk)
>  
> -config INDIRECT_THUNK
> -     def_bool y
> -     depends on GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK
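Review bot: Dropping `def_bool y` from INDIRECT_THUNK in xen/arch/x86/Kconfig means the symbol is no longer forced on whenever GCC_INDIRECT_THUNK or CLANG_INDIRECT_THUNK is set, so a retpoline-capable compiler can now produce a build with CONFIG_INDIRECT_THUNK unset. Anything keyed on CONFIG_INDIRECT_THUNK has so far only had to handle "off because the compiler lacks support"; please confirm that a build with the option deliberately disabled was tested, and say so in the commit message.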
Moving this ...
> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -146,6 +146,22 @@ config SPECULATIVE_HARDEN_GUEST_ACCESS
>  
>         If unsure, say Y.
>  
> +config INDIRECT_THUNK
> +     bool "Speculative Branch Target Injection Protection"
> +     depends on X86 && (GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK)
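Review bot: The new INDIRECT_THUNK entry, as far as it is quoted here, has a prompt and a `depends on` line but no `default`, while the entry removed from xen/arch/x86/Kconfig was `def_bool y`. Unless a `default y` follows in the trimmed remainder of the hunk, a prompted `bool` defaults to n and existing configurations would silently lose retpoline on update; the entry should carry `default y`, plus help text stating what is given up by turning the option off.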
... here despite being explicitly marked x86-specific looks a
little odd. Since the dependencies are x86-specific, dropping
X86 from here would make my slight concern go away.
Jan
 