
Re: [Xen-devel] [PATCH 11/13] xen/arm: Kconfig: Move HARDEN_BRANCH_PREDICTOR under "Architecture features"



On Tue, 22 May 2018, Julien Grall wrote:
> At the moment, HARDEN_BRANCH_PREDICTOR is not in any section, making it
> impossible for the user to unselect it.
> 
> Also, it looks like we are required to use 'expert = "y"' for showing the
> option in expert mode.
> 
> Signed-off-by: Julien Grall <julien.grall@xxxxxxx>

Very useful, thank you!

Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>


> ---
>  xen/arch/arm/Kconfig | 34 +++++++++++++++++-----------------
>  1 file changed, 17 insertions(+), 17 deletions(-)
> 
> diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
> index 0e2d027060..4212c58171 100644
> --- a/xen/arch/arm/Kconfig
> +++ b/xen/arch/arm/Kconfig
> @@ -83,6 +83,23 @@ config ARM_SSBD
>  
>         If unsure, say Y.
>  
> +config HARDEN_BRANCH_PREDICTOR
> +     bool "Harden the branch predictor against aliasing attacks" if EXPERT = 
> "y"
> +     default y
> +     help
> +       Speculation attacks against some high-performance processors rely on
> +       being able to manipulate the branch predictor for a victim context by
> +       executing aliasing branches in the attacker context.  Such attacks
> +       can be partially mitigated against by clearing internal branch
> +       predictor state and limiting the prediction logic in some situations.
> +
> +       This config option will take CPU-specific actions to harden the
> +       branch predictor against aliasing attacks and may rely on specific
> +       instruction sequences or control bits being set by the system
> +       firmware.
> +
> +       If unsure, say Y.
> +
>  endmenu
>  
>  menu "ARM errata workaround via the alternative framework"
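
Review bot: The re-added prompt line reads 'if EXPERT = "y"' where the removed one read 'if EXPERT', so a change to the prompt condition is carried inside a patch whose subject describes only a move, and the commit message justifies it only with "it looks like". Suggest either splitting the condition change into its own patch or stating in the commit message why the bare 'if EXPERT' form does not work here. In this quoted copy the prompt line is also wrapped, leaving '"y"' on a line of its own; the version that gets applied needs the whole bool line on one line. Keeping 'default y' means builds where the prompt is hidden still get the hardening, which is the right default for this option.
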
> @@ -197,23 +214,6 @@ config ARM64_ERRATUM_834220
>  
>  endmenu
>  
> -config HARDEN_BRANCH_PREDICTOR
> -     bool "Harden the branch predictor against aliasing attacks" if EXPERT
> -     default y
> -     help
> -       Speculation attacks against some high-performance processors rely on
> -       being able to manipulate the branch predictor for a victim context by
> -       executing aliasing branches in the attacker context.  Such attacks
> -       can be partially mitigated against by clearing internal branch
> -       predictor state and limiting the prediction logic in some situations.
> -
> -       This config option will take CPU-specific actions to harden the
> -       branch predictor against aliasing attacks and may rely on specific
> -       instruction sequences or control bits being set by the system
> -       firmware.
> -
> -       If unsure, say Y.
> -
>  config ARM64_HARDEN_BRANCH_PREDICTOR
>      def_bool y if ARM_64 && HARDEN_BRANCH_PREDICTOR
>  
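
Review bot: ARM64_HARDEN_BRANCH_PREDICTOR is left as context at the old location, after the endmenu that follows ARM64_ERRATUM_834220, while the HARDEN_BRANCH_PREDICTOR symbol it is derived from ('def_bool y if ARM_64 && HARDEN_BRANCH_PREDICTOR') now sits in a different part of the file. It has no prompt, so menu placement does not affect what the user sees, but moving it next to its parent symbol, or saying in the commit message that it is left in place on purpose, would make the dependency easier to follow for anyone auditing which hardening options are enabled.
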
> -- 
> 2.11.0
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

