Xen project Mailing List

Re: [PATCH] xen/Kconfig: Improve help test for speculative options

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Fri, 9 May 2025 10:14:42 +0200

Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>

Delivery-date: Fri, 09 May 2025 08:14:53 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, May 08, 2025 at 05:03:36PM +0100, Andrew Cooper wrote: > The text for CONFIG_INDIRECT_THUNK isn't really correct, and was already stale > by the time speculative vulnerabilities hit the headlines in 2018. It is > specifically an out-of-line-ing mechansim, and repoline is one of several > safety sequences used. > > Some of this boilerplate has been copied into all other options, and isn't > interesting for the target audience given that they're all in a "Speculative > Hardning" menu. > > Reword it to be more concise. > > No functional change. > > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> You are the expert on those things :). > --- > CC: Anthony PERARD <anthony.perard@xxxxxxxxxx> > CC: Michal Orzel <michal.orzel@xxxxxxx> > CC: Jan Beulich <jbeulich@xxxxxxxx> > CC: Julien Grall <julien@xxxxxxx> > CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> > CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> > > CONFIG_SPECULATIVE_HARDEN_BRANCH really ought to be named > CONFIG_SPECULATIVE_HARDEN_CONDITIONAL, but this would be a (minor) functional > change. I don't have a strong opinion either way TBH. Would you maybe like to rename the menu visible text to "Speculative Conditional Branch Hardening"? > --- > xen/common/Kconfig | 51 +++++++++------------------------------------- > 1 file changed, 10 insertions(+), 41 deletions(-) > > diff --git a/xen/common/Kconfig b/xen/common/Kconfig > index 4bec78c6f267..03ef6d87abc0 100644 > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -162,29 +162,21 @@ config STATIC_MEMORY > menu "Speculative hardening" > > config INDIRECT_THUNK > - bool "Speculative Branch Target Injection Protection" > + bool "Out-of-line Indirect Call/Jumps" > depends on CC_HAS_INDIRECT_THUNK > default y > help > - Contemporary processors may use speculative execution as a > - performance optimisation, but this can potentially be abused by an > - attacker to leak data via speculative sidechannels. It would be nice if this boilerplate text could be made the "help" of the top level menu entry, but that's not possible with Kconfig. Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.