[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 3/3] x86/Kconfig: introduce option to select retpoline usage
- To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
- Date: Wed, 16 Feb 2022 10:03:00 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+m/NbrA9jbWPANH40Z1eu9xNS2W1mVadFn0RNk2u6CM=; b=l9HXLmIgDgrpd1UsTSGvBV81KayWufCo153hi7CJAIIRygRzig+/zr7DgsuqMBRMBya7WN1Bw/1eNiWLGZZ32X7k1WL1T9CnYj+bdtIdxSAobz/MPu71+KYTQC99q8A2NUj/1N7cAoY3mNaJt0PvhQxKz6FFtt1XGeIyMCIJZrZPoNVSsK4sUZ4aqTgd97cdtWtk75z4vqsIDtzEDzR/pb1DKdT8mKJgvVUFIYjv35O0EH0bV//t8pw4tptrztg0VwIsTKonHFcm3XLx0Yiq2JVal0dQT94hf9DppBI6hcUpfVrrghA0ZhS5LM2p+bW0GvA5Zo7uloIpdGoLCpJdpA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Y57smHyNjswL/rrZxeiZJlEn7OTTE5UCwY25BiMAyKxnTgspi3rRj30ugokJaX/B4ESLEyD4zSyflIek36Y0zoJlqMVcHG6A17742bVt30zbZjQwmsHOtAnB9XK4BWLPAtlCJmExoqCWhlbpqnA71Rw6G+ViWE0Xhjmzo1oqqzrBTpwnO7DeTVrE33kU0IBeD4OmeadUhb5ekYyK3MTCv45jP++Xu/gbH1PBVxV65sY10gop3Vx1J5fKSF1YHX38Km1E90K3Ajys1AIAB7HtYH26gvfOWCo+hozQnSU/4O0bpnOBdIuDNTbx1SH6S5UKf8ASfCYWxqmjlRwsvCthew==
- Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
- Delivery-date: Wed, 16 Feb 2022 09:03:34 +0000
- Ironport-data: A9a23:fNGr/ar3e2YvkiwgmT87Mr9+5RheBmKcYhIvgKrLsJaIsI4StFCzt garIBmFP/rcN2X0fYtwa4Xj8U0GuJ7XytA2GwI4pClgE3lE+JuZCYyVIHmrMnLJJKUvbq7GA +byyDXkBJppJpMJjk71atANlZT4vE2xbuKU5NTsY0idfic5Dndx4f5fs7Rh2NQw24HnW1rlV e7a+KUzBnf0g1aYDUpMg06zgEsHUCPa4W5wUvQWPJinjXeG/5UnJMt3yZKZdhMUdrJ8DO+iL 9sv+Znilo/vE7XBPfv++lrzWhVirrc/pmFigFIOM0SpqkAqSiDfTs/XnRfTAKtao2zhojx/9 DlCnYPuQgowBoDVovRDdjNxNDhCY4dG1rCSdBBTseTLp6HHW37lwvEoB0AqJ4wIvO1wBAmi9 9RBdmpLNErawbvrnvTrEYGAhex6RCXvFJkYtXx6iynQEN4tQIzZQrWM7thdtNs1rp4SR6+PP pdCAdZpRBn7ejlyY0lGMq8vl/mIrGbSaAZDkk3A8MLb5ECMlVcsgdABKuH9eMGORMhTtlaVo CTB5WuRKgoBKNWVxD6B83StruzChyX2XMQVDrLQ3uFuqE2ewCoUEhJ+fUu2p7y1h1CzX/pbK lcI4Ww+oK4q7kupQ9LhGRqirxasvBQRRt5RGO0S8xyWx+zf5APxO4QfZmcfMpp87pZwHGF0k A/S9z/0OdBxmKLLQn+EzpqNlyPsHAI8CnY+OwUEYwRQtrEPv7oPph7IS99iFou8gdv0BSz8z li2kcQuu1kApZVVjvvmpDgrlxrp/8GUFVBtum07S0r4tlsRWWKzW2C/BbE3B95kJZ3RcFSOt WNsdyO2vLFXVsHleMBgrYww8FCVCxStbWW0bb1HRcBJG9GRF5iLJ904DNZWfhoBDyr8UWW1C HI/QCsIjHOpAFOkbLVsf6W6ANkwwK7rGLzND66IMosTO8IgJV7epkmCgHJ8OUi3zSDAdollZ /+mnTuEVy5GWcyLMhLqLwvi7VPb7n9nnj6CLXwK5x+mzaCfdBaopUQtazOzghQCxPrc+m39q o8HX+PTkkk3eLCuM0H/rN9IRXhXfCdTOHwDg5EOHgJ1ClE9Qz9J5j646e5JRrGJaIwPxreSp SDiABYFoLc97FWeQTi3hrlYQOqHdb50rG4hPDxqOlCt2nM5Zp2o4rtZfJwyFYTLPsQ6pRKtZ /VaKciGHNpVTTHLp2YUYZXn9dQwfxW3nwOeeSGiZWFnLZJnQgXI/P7ifxfuq3ZSXnbm65Nmr u3yzB7fTLoCWx9mUJTcZsWwwg7jpnMagu9zARfFe4EBZEX2/YF2ACXtlftrcdoUIBDOy2LCh QabCBsVv8fXpIox/IWbjKyItd7xQeB/AlBbDy/Q6rPvbXvW+W+qwIlhVueUfG+CCDOoqfv6P egMlqPyKvwKmlpOorFQKbczwPJs/cbrqp9b0h9gQCfBYWO0B+4yOXKBx8RO6PFAn+cLpQusV 0uT0dBGIrHVatj9GVscKQd5POSO0fYYxmvb4fgveRio4SZ2+PyMUFlIPgnKgytYdeMnPIQgy OYnmcgX9w3g1UZ6bofY1nhZpzaWM3gNc6Q7rZVLUobkhz0ixkxGfZGBWDT954uCaokUP0QnS tNOaHEuW1iIKpL+TkcO
- Ironport-hdrordr: A9a23:gpCxPauY+oIQpdjHGveW3hRL7skDSdV00zEX/kB9WHVpmwKj5r mTdZUgpGfJYVMqMk3I9urwXZVoLUmsl6KdpLNhXotKPzOGhILLFvAH0WKK+VSJcBEWtNQ86U 4KSdkYNDSfNykdsS842mWF+hQbreVvPJrGuQ4W9RlQcT0=
- Ironport-sdr: NT3IIB7BoZF+xfFJ1xAmPmWgjtNH0yfIS6xM6snXFJiEFAquhx6jroHqbuIYf1o/PYOKJcbYqF gc0DYiY03d7qmf7KoRl/v9QxoVaHTs2Dtsb9jcXJOqutbGdpCqpDXFc/7/Cl9s6qQ/5nVmQL3q ORuNaXVOTYS/y1E9NNMvOoF4CQoDLjnDtCwv1JEb7LHt9bb0ibOEP0vuvN3QKbu/fk3w/Cnv+h hA6Vj4phUo75UFNoTP+VFPQe6J2mAynlViluIoVmWWezadab98v9GcBSkngYcG/4cPzK9xZ4hC t6NOoyiAgY6R8HbCOuDpkqxH
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Add a new Kconfig option under the "Speculative hardening" section
that allows selecting whether to enable retpoline. This depends on the
underlying compiler having retpoline support.
Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
xen/arch/x86/Kconfig | 4 ----
xen/arch/x86/arch.mk | 2 ++
xen/common/Kconfig | 16 ++++++++++++++++
3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index fe00b4598b..7c73802adc 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -38,10 +38,6 @@ config GCC_INDIRECT_THUNK
config CLANG_INDIRECT_THUNK
def_bool $(cc-option,-mretpoline-external-thunk)
-config INDIRECT_THUNK
- depends on GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK
- def_bool y
-
config HAS_AS_CET_SS
# binutils >= 2.29 or LLVM >= 6
def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index f2aa2a515f..0597e714f9 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -42,6 +42,7 @@ CFLAGS += -mno-red-zone -fpic
# SSE setup for variadic function calls.
CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup)
+ifeq ($(CONFIG_INDIRECT_THUNK),y)
# Compile with gcc thunk-extern, indirect-branch-register if available.
CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK) += -mindirect-branch=thunk-extern
CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK) += -mindirect-branch-register
@@ -49,6 +50,7 @@ CFLAGS-$(CONFIG_GCC_INDIRECT_THUNK) += -fno-jump-tables
# Enable clang retpoline support if available.
CFLAGS-$(CONFIG_CLANG_INDIRECT_THUNK) += -mretpoline-external-thunk
+endif
# If supported by the compiler, reduce stack alignment to 8 bytes. But allow
# this to be overridden elsewhere.
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index db687b1785..3b0ba16a6a 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -146,6 +146,22 @@ config SPECULATIVE_HARDEN_GUEST_ACCESS
If unsure, say Y.
+config INDIRECT_THUNK
+ bool "Speculative Branch Target Injection Protection"
+ depends on X86 && (GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK)
+ default y
+ help
+ Contemporary processors may use speculative execution as a
+ performance optimisation, but this can potentially be abused by an
+ attacker to leak data via speculative sidechannels.
+
+ One source of data leakage is via branch target injection.
+
+ When enabled, indirect calls are implemented using a new construct
+ called "retpoline" that prevents speculation.
+
+ If unsure, say Y.
+
endmenu
config HYPFS
--
2.34.1
|