[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v3 3/3] x86/Kconfig: introduce option to select retpoline usage
- To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
- Date: Fri, 18 Feb 2022 15:34:16 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wycz5DnGVIywU467a7gmql8uL29FYGmIDOKp8zvRFgg=; b=CWzoWqGcBUOfARhVL9hJFFlgYUq0hlf7yf27x4m11i/0Z8IIevFDMnwds7BkkkFtHwO78XCBKJQTKvsY4gaY0Rpt9bPOrLSq4gcNMSSp8sstAmqXcStNdMCASWpdG9Mbugcp1lJ8YMdR+u9MkdSRIR/psl6eaJLWFPD4Xi49a+qiWw2LuoN8Z8sgB84Vpe/Eh/cu93VYETdDdPwj82EhlCofpsZ8CSPl5LKKi6D+j2yb1t5cWZbF4i685b7YhaEj7fW5+G59yRUQGP+c9V3/zkF0CNvBK/C16jgdIBRxHQ+ovWEZmf0MBth24RPG3EmRbvL6e2ByleJka+3cHUBG+Q==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=emWtRwsxU7T1YMq73bIaGzJPvnSVff4MgVOJ12ttDX0iLJUiwMGEIxm/dJhkSkYiDgPpFjLcSp+T5jRrb5B1eLXywsKHcl/L698FajttlBMKCP4Jhhpp7JYaqpluzqd2FY2BIXAgKs6An24etLVZlJdP+ql6whfZRcxkE0yNp9LYZDtgiPIE8AiKEsEetgimCULRXFkxfNMz6Vwsrd6bhwgxm5ecHho+z6JjnrbmJ4H6Lhx11uHKHE37k9lgW3tm6u5Lbw9u1CCjBUBG3LeDfAxv2lBVAEYLleziAOWpmVH1m3K6mRNuXmZjJ6OAa1v5FkdabRN9ssugkEkygDJMMw==
- Authentication-results: esa4.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "George Dunlap" <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>
- Delivery-date: Fri, 18 Feb 2022 14:35:00 +0000
- Ironport-data: A9a23:2ooFoKlhSxozIqs+EIFfKXno5gy+JkRdPkR7XQ2eYbSJt1+Wr1Gzt xJKWj/VPfeDZmHwcoh0Ot7i/E4AsMfUn95mTQdkrng2HiMWpZLJC+rCIxarNUt+DCFioGGLT Sk6QoOdRCzhZiaE/n9BCpC48T8kk/vgqoPUUIYoAAgoLeNfYHpn2UILd9IR2NYy24DjWlPV4 7senuWEULOb828sWo4rw/rrRCNH5JwebxtB4zTSzdgS1LPvvyF94KA3fMldHFOhKmVgJcaoR v6r8V2M1jixEyHBqD+Suu2TnkUiGtY+NOUV45Zcc/DKbhNq/kTe3kunXRa1hIg+ZzihxrhMJ NtxWZOYcl4HYYLntL4ndUdCPyslPqx85r/7GC3q2SCT5xWun3rExvxvCAc9PJEC+/YxCmZLn RAaAGlTNFbZ3bvwme/lDLk37iggBJCD0Ic3oHZvwCufFf87aZvCX7/L9ZlT2zJYasVmQ6iBO ZRCM2IHgBLoXC1RAhQFI9UEntiv2VT1SA1KkQu2qv9ii4TU5FMoi+W8WDbPQfSIWMFUk0Cwt m/AuWPjDXkyL8eDwDCI9natgO7nni7hXo8WUrqi+ZZCn1m71mEVThoMWjOTsfS/z0KzRd9bA 0gV4TY167g/8lSxSdvwVAH+p2SL1jYeUddNF+wx6CmW17HZpQ2eAwA5oiVpMYJ88pVsHHpzi wHPz4iB6SFTXKO9ciuzqZi/gWmIH3YPAWVZZi4+Uws52oy2yG0stS7nQtFmGa+zq9T6HzDs3 jyHxBQDa6UvYd0jjPviow2e6964jt2QF1NuuF2LNo6wxl4hPOaYi5qUBU83BBqqBKKQVRG/s XcNgKByB8heXMjWxERhrAjgdYxFBspp0hWA0DaD/LF7rlxBHkJPm6gJsVmSw28zb645lcfBO hO7hO+ozMY70IGWRaF2eZmtLM8h0LLtE9/oPtiNMIYTO8ItLF7bong0DaJ144wLuBF9+U3YE c3GGftA8F5AUfg3pNZIb7x1PUAXKtAWmjqIGMGTI+WP2ruCfn+FIYrpw3PVBt3VGJis+V2Pm /4GbpPi40wGDIXWP3mGmaZOfAtiBSVqWvjLRzl/K7frzvxOQzp6VZc8ANoJJuRYokiivr2Wp irkAhcAkjISRxTvcG23V5yqU5u2Nb5XpnMnJy08e1Gu3nkoe4G066kDMZAweNEaGCZLl5aYk 9Ftlx28P8ly
- Ironport-hdrordr: A9a23:/8CnO6M7cd3fvcBcT1v155DYdb4zR+YMi2TDiHoedfUFSKOlfp 6V8MjztSWVtN4QMEtQ/uxoX5PwPk80lKQFnbX5WI3CYOCIghrQEGgP1/qG/9SkIVyFygc/79 YRT0EdMqyJMbESt6+Ti2PUYrVQouVvsprY+Ns2p00dPD2CAJsQiTuRZDzrdnGfE2J9dOQE/d enl4B6jgvlXU5SQtWwB3EDUeSGj9rXlKj+aRpDIxI88gGBgR6h9ba/SnGjr1sjegIK5Y1n3X nOkgT/6Knmm/anyiXE32uWy5hNgtPuxvZKGcTJoMkILTfHjBquee1aKvC/lQFwhNvqxEchkd HKrRtlF8Nv60nJdmXwmhfp0xmI6kdm11bSjXujxVfzq83wQzw3T+Bbg5hCTxff4008+Plhza NixQuixttqJCKFuB64y8nDVhlsmEbxi2Eli/Qvg3tWVpZbQKNNrLYY4FheHP47bWzHAbgcYa pT5fznlbRrmQvwVQGdgoAv+q3iYp0LJGbHfqBY0fbllwS/nxhCvj0lLYIk7zA9HakGOut5Dt L/Q9NVfYF1P7wrhJ1GdZI8qLOMexfwqDL3QSqvyAfcZeo600ykke+C3Fxy3pDtRKA1
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Add a new Kconfig option under the "Speculative hardening" section
that allows selecting whether to enable retpoline. This depends on the
underlying compiler having retpoline support.
Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
Changes since v2:
- Place first in the section.
- Remove "If unsure".
Changes since v1:
- Fix description of option to use indirect branches instead of
indirect calls.
---
xen/arch/x86/Kconfig | 5 -----
xen/common/Kconfig | 14 ++++++++++++++
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index f8dca4dc85..eb4d1a949f 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -36,11 +36,6 @@ config CC_INDIRECT_THUNK
def_bool $(cc-option,-mindirect-branch-register) || \
$(cc-option,-mretpoline-external-thunk)
-
-config INDIRECT_THUNK
- def_bool y
- depends on CC_INDIRECT_THUNK
-
config HAS_AS_CET_SS
# binutils >= 2.29 or LLVM >= 6
def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index db687b1785..533b8f33e6 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -85,6 +85,20 @@ config STATIC_MEMORY
menu "Speculative hardening"
+config INDIRECT_THUNK
+ bool "Speculative Branch Target Injection Protection"
+ depends on CC_INDIRECT_THUNK
+ default y
+ help
+ Contemporary processors may use speculative execution as a
+ performance optimisation, but this can potentially be abused by an
+ attacker to leak data via speculative sidechannels.
+
+ One source of data leakage is via branch target injection.
+
+ When enabled, indirect branches are implemented using a new construct
+ called "retpoline" that prevents speculation.
+
config SPECULATIVE_HARDEN_ARRAY
bool "Speculative Array Hardening"
default y
--
2.34.1
|
