
Re: [PATCH v2 3/3] x86/Kconfig: introduce option to select retpoline usage


  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 17 Feb 2022 12:10:44 +0100
  • Cc: Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 17 Feb 2022 11:10:55 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17.02.2022 11:34, Roger Pau Monné wrote:
> On Thu, Feb 17, 2022 at 10:07:32AM +0100, Jan Beulich wrote:
>> On 16.02.2022 17:21, Roger Pau Monne wrote:
>>> Add a new Kconfig option under the "Speculative hardening" section
>>> that allows selecting whether to enable retpoline. This depends on the
>>> underlying compiler having retpoline support.
>>>
>>> Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>>> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
>>
>> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
>>
>> There's one aspect though which I would like to see Arm maintainer
>> input on:
>>
>>> --- a/xen/arch/x86/Kconfig
>>> +++ b/xen/arch/x86/Kconfig
>>> @@ -38,10 +38,6 @@ config GCC_INDIRECT_THUNK
>>>  config CLANG_INDIRECT_THUNK
>>>     def_bool $(cc-option,-mretpoline-external-thunk)
>>>  
>>> -config INDIRECT_THUNK
>>> -   def_bool y
>>> -   depends on GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK
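Review bot: With `def_bool y` dropped from INDIRECT_THUNK in xen/arch/x86/Kconfig, the replacement entry needs an explicit `default y`; otherwise a build whose compiler passes the GCC_INDIRECT_THUNK or CLANG_INDIRECT_THUNK test no longer gets retpoline automatically. The quoted lines of the new entry show only the prompt and the `depends on` line, so please confirm the default is kept.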
>>
>> Moving this ...
>>
>>> --- a/xen/common/Kconfig
>>> +++ b/xen/common/Kconfig
>>> @@ -146,6 +146,22 @@ config SPECULATIVE_HARDEN_GUEST_ACCESS
>>>  
>>>       If unsure, say Y.
>>>  
>>> +config INDIRECT_THUNK
>>> +   bool "Speculative Branch Target Injection Protection"
>>> +   depends on X86 && (GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK)
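Review bot: The prompt on `config INDIRECT_THUNK`, "Speculative Branch Target Injection Protection", names neither retpoline nor indirect thunks, while the commit message describes the option as selecting retpoline usage. Mentioning retpoline in the prompt or in the help text would let someone searching the "Speculative hardening" menu for it find the option.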
>>
>> ... here despite being explicitly marked x86-specific looks a
>> little odd. Since the dependencies are x86-specific, dropping
>> X86 from here would make my slight concern go away.
> 
> Right - I've added the X86 because I was concerned about GCC or CLANG
> also exposing the retpoline options on Arm, but that's not an issue
> because the compiler tests are only done for x86 anyway.
> 
> Feel free to drop the 'X86 &&' and the parentheses if you wish.
> Otherwise I can resend if you prefer.

No need to resend just for this.

Jan




 

