
[PATCH 3/3] x86/Kconfig: introduce option to select retpoline usage


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Date: Wed, 16 Feb 2022 10:03:00 +0100
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Wed, 16 Feb 2022 09:03:34 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Add a new Kconfig option under the "Speculative hardening" section
that allows selecting whether to enable retpoline. This depends on the
underlying compiler having retpoline support.

Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
 xen/arch/x86/Kconfig |  4 ----
 xen/arch/x86/arch.mk |  2 ++
 xen/common/Kconfig   | 16 ++++++++++++++++
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index fe00b4598b..7c73802adc 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -38,10 +38,6 @@ config GCC_INDIRECT_THUNK
 config CLANG_INDIRECT_THUNK
        def_bool $(cc-option,-mretpoline-external-thunk)
 
-config INDIRECT_THUNK
-       depends on GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK
-       def_bool y
-
 config HAS_AS_CET_SS
        # binutils >= 2.29 or LLVM >= 6
        def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
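Review bot: dropping INDIRECT_THUNK from xen/arch/x86/Kconfig only to recreate it in xen/common/Kconfig with `depends on X86 && (GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK)` makes a common-code option reference two symbols that are only defined in the x86 Kconfig (the `config GCC_INDIRECT_THUNK` / `config CLANG_INDIRECT_THUNK` blocks this hunk sits next to). The `depends on X86` keeps the result correct, but the commit message should state that the move exists purely so the prompt lands in the "Speculative hardening" menu, otherwise a reader of this hunk sees an arch option relocated for no visible reason. Also note that the old symbol was `def_bool y` with no prompt, so every capable x86 build got retpolines unconditionally; after this change an existing `.config` that is regenerated still gets `y` via `default y`, but that behavioural note belongs in the message too.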
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index f2aa2a515f..0597e714f9 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -42,6 +42,7 @@ CFLAGS += -mno-red-zone -fpic
 # SSE setup for variadic function calls.
 CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup)
 
+ifeq ($(CONFIG_INDIRECT_THUNK),y)
 # Compile with gcc thunk-extern, indirect-branch-register if available.
 CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK) += -mindirect-branch=thunk-extern
 CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK) += -mindirect-branch-register
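Review bot: the new `ifeq ($(CONFIG_INDIRECT_THUNK),y)` wraps lines that are already gated on `CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK)` / `CFLAGS-$(CONFIG_CLANG_INDIRECT_THUNK)`, so two levels of conditionals now decide the same flags and the inner ones look redundant at first glance. They are not (INDIRECT_THUNK decides whether retpolines are wanted; the GCC/CLANG symbols decide which compiler's spelling of the flags applies), but a one-line comment above the `ifeq` saying exactly that would save the next reader from working it out. Note also that `-fno-jump-tables` (the line visible in the following hunk header) ends up inside the guard, so saying N re-enables switch jump tables; that is correct, since a jump table is an indirect jump, but worth a sentence in the commit message.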
@@ -49,6 +50,7 @@ CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK) += -fno-jump-tables
 
 # Enable clang retpoline support if available.
 CFLAGS-$(CONFIG_CLANG_INDIRECT_THUNK) += -mretpoline-external-thunk
+endif
 
 # If supported by the compiler, reduce stack alignment to 8 bytes. But allow
 # this to be overridden elsewhere.
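Review bot: with the `endif` placed here, the existing comments inside the guarded region ("# Compile with gcc thunk-extern, indirect-branch-register if available." and "# Enable clang retpoline support if available.") still read as if the flags were added unconditionally whenever the compiler supports them, which is no longer true. Suggest amending them to mention CONFIG_INDIRECT_THUNK, e.g. "# When CONFIG_INDIRECT_THUNK is enabled, compile with gcc thunk-extern, ...", so the conditions and the comments agree.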
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index db687b1785..3b0ba16a6a 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -146,6 +146,22 @@ config SPECULATIVE_HARDEN_GUEST_ACCESS
 
          If unsure, say Y.
 
+config INDIRECT_THUNK
+       bool "Speculative Branch Target Injection Protection"
+       depends on X86 && (GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK)
+       default y
+       help
+         Contemporary processors may use speculative execution as a
+         performance optimisation, but this can potentially be abused by an
+         attacker to leak data via speculative sidechannels.
+
+         One source of data leakage is via branch target injection.
+
+         When enabled, indirect calls are implemented using a new construct
+         called "retpoline" that prevents speculation.
+
+         If unsure, say Y.
+
 endmenu
 
 config HYPFS
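Review bot: the help text in this hunk understates what the option does and says nothing about the cost of saying N. "indirect calls are implemented using a new construct called "retpoline" that prevents speculation" is inaccurate on two counts: the arch.mk hunks also pass `-mindirect-branch-register` and `-fno-jump-tables`, so indirect jumps (including switch jump tables) are converted as well, not only calls; and a retpoline does not prevent speculation, it redirects the speculative path of the branch into a harmless capture loop so the predicted target cannot be attacker-controlled. Suggest something like "When enabled, indirect calls and jumps are compiled to retpoline thunks, which confine speculative execution of the branch to a safe target." ("new construct" is also dated by now.) Since this turns a previously unconditional `def_bool y` into a user-visible choice, the text should also spell out that saying N builds the hypervisor with plain indirect branches and removes this software mitigation for branch target injection (Spectre v2), so that N is only appropriate for hardware that does not need it or for performance comparison; "If unsure, say Y." alone does not convey that.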
-- 
2.34.1