| Message ID | 20220218143416.34475-4-roger.pau@citrix.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show
Return-Path: <xen-devel-bounces@lists.xenproject.org> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9CA47C433F5 for <xen-devel@archiver.kernel.org>; Fri, 18 Feb 2022 14:35:08 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.275512.471446 (Exim 4.92) (envelope-from <xen-devel-bounces@lists.xenproject.org>) id 1nL4LS-00011S-CF; Fri, 18 Feb 2022 14:34:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 275512.471446; Fri, 18 Feb 2022 14:34:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from <xen-devel-bounces@lists.xenproject.org>) id 1nL4LS-00011J-8z; Fri, 18 Feb 2022 14:34:50 +0000 Received: by outflank-mailman (input) for mailman id 275512; Fri, 18 Feb 2022 14:34:48 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from <SRS0=YtLv=TB=citrix.com=prvs=0411da6ea=roger.pau@srs-se1.protection.inumbo.net>) id 1nL4LQ-0008Sp-Ey for xen-devel@lists.xenproject.org; Fri, 18 Feb 2022 14:34:48 +0000 Received: from esa4.hc3370-68.iphmx.com (esa4.hc3370-68.iphmx.com [216.71.155.144]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id eb23284e-90c7-11ec-8723-dd0c611c5f35; Fri, 18 Feb 2022 15:34:47 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion <xen-devel.lists.xenproject.org> List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe> List-Post: <mailto:xen-devel@lists.xenproject.org> List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help> List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> X-Inumbo-ID: eb23284e-90c7-11ec-8723-dd0c611c5f35 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1645194887; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=NkHFymHkeKgIK++83ZytrpXL1OQuo5Mz+mG7P3n6lX8=; b=eYr40jb/Q4yoOV2Aiqy7dZ+RgYsjMOt+5L6kFyJFuKN7FWgMv1q0bHkS yBNY1LrQYpsYiMWod/LOclTA5IYH9ch/67hggz4pG9lA7pyS11A/q18UY hJqGUO85ti+kvVEh3CMsZrqEogGuSHhMikiRvVxtwRgAt0OOkgI47zd9c I=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com X-SBRS: 5.1 X-MesageID: 66766320 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:2ooFoKlhSxozIqs+EIFfKXno5gy+JkRdPkR7XQ2eYbSJt1+Wr1Gzt xJKWj/VPfeDZmHwcoh0Ot7i/E4AsMfUn95mTQdkrng2HiMWpZLJC+rCIxarNUt+DCFioGGLT Sk6QoOdRCzhZiaE/n9BCpC48T8kk/vgqoPUUIYoAAgoLeNfYHpn2UILd9IR2NYy24DjWlPV4 7senuWEULOb828sWo4rw/rrRCNH5JwebxtB4zTSzdgS1LPvvyF94KA3fMldHFOhKmVgJcaoR v6r8V2M1jixEyHBqD+Suu2TnkUiGtY+NOUV45Zcc/DKbhNq/kTe3kunXRa1hIg+ZzihxrhMJ NtxWZOYcl4HYYLntL4ndUdCPyslPqx85r/7GC3q2SCT5xWun3rExvxvCAc9PJEC+/YxCmZLn RAaAGlTNFbZ3bvwme/lDLk37iggBJCD0Ic3oHZvwCufFf87aZvCX7/L9ZlT2zJYasVmQ6iBO ZRCM2IHgBLoXC1RAhQFI9UEntiv2VT1SA1KkQu2qv9ii4TU5FMoi+W8WDbPQfSIWMFUk0Cwt m/AuWPjDXkyL8eDwDCI9natgO7nni7hXo8WUrqi+ZZCn1m71mEVThoMWjOTsfS/z0KzRd9bA 0gV4TY167g/8lSxSdvwVAH+p2SL1jYeUddNF+wx6CmW17HZpQ2eAwA5oiVpMYJ88pVsHHpzi wHPz4iB6SFTXKO9ciuzqZi/gWmIH3YPAWVZZi4+Uws52oy2yG0stS7nQtFmGa+zq9T6HzDs3 jyHxBQDa6UvYd0jjPviow2e6964jt2QF1NuuF2LNo6wxl4hPOaYi5qUBU83BBqqBKKQVRG/s XcNgKByB8heXMjWxERhrAjgdYxFBspp0hWA0DaD/LF7rlxBHkJPm6gJsVmSw28zb645lcfBO hO7hO+ozMY70IGWRaF2eZmtLM8h0LLtE9/oPtiNMIYTO8ItLF7bong0DaJ144wLuBF9+U3YE c3GGftA8F5AUfg3pNZIb7x1PUAXKtAWmjqIGMGTI+WP2ruCfn+FIYrpw3PVBt3VGJis+V2Pm /4GbpPi40wGDIXWP3mGmaZOfAtiBSVqWvjLRzl/K7frzvxOQzp6VZc8ANoJJuRYokiivr2Wp irkAhcAkjISRxTvcG23V5yqU5u2Nb5XpnMnJy08e1Gu3nkoe4G066kDMZAweNEaGCZLl5aYk 9Ftlx28P8ly IronPort-HdrOrdr: A9a23:/8CnO6M7cd3fvcBcT1v155DYdb4zR+YMi2TDiHoedfUFSKOlfp 6V8MjztSWVtN4QMEtQ/uxoX5PwPk80lKQFnbX5WI3CYOCIghrQEGgP1/qG/9SkIVyFygc/79 YRT0EdMqyJMbESt6+Ti2PUYrVQouVvsprY+Ns2p00dPD2CAJsQiTuRZDzrdnGfE2J9dOQE/d enl4B6jgvlXU5SQtWwB3EDUeSGj9rXlKj+aRpDIxI88gGBgR6h9ba/SnGjr1sjegIK5Y1n3X nOkgT/6Knmm/anyiXE32uWy5hNgtPuxvZKGcTJoMkILTfHjBquee1aKvC/lQFwhNvqxEchkd HKrRtlF8Nv60nJdmXwmhfp0xmI6kdm11bSjXujxVfzq83wQzw3T+Bbg5hCTxff4008+Plhza NixQuixttqJCKFuB64y8nDVhlsmEbxi2Eli/Qvg3tWVpZbQKNNrLYY4FheHP47bWzHAbgcYa pT5fznlbRrmQvwVQGdgoAv+q3iYp0LJGbHfqBY0fbllwS/nxhCvj0lLYIk7zA9HakGOut5Dt L/Q9NVfYF1P7wrhJ1GdZI8qLOMexfwqDL3QSqvyAfcZeo600ykke+C3Fxy3pDtRKA1 X-IronPort-AV: E=Sophos;i="5.88,379,1635220800"; d="scan'208";a="66766320" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=emWtRwsxU7T1YMq73bIaGzJPvnSVff4MgVOJ12ttDX0iLJUiwMGEIxm/dJhkSkYiDgPpFjLcSp+T5jRrb5B1eLXywsKHcl/L698FajttlBMKCP4Jhhpp7JYaqpluzqd2FY2BIXAgKs6An24etLVZlJdP+ql6whfZRcxkE0yNp9LYZDtgiPIE8AiKEsEetgimCULRXFkxfNMz6Vwsrd6bhwgxm5ecHho+z6JjnrbmJ4H6Lhx11uHKHE37k9lgW3tm6u5Lbw9u1CCjBUBG3LeDfAxv2lBVAEYLleziAOWpmVH1m3K6mRNuXmZjJ6OAa1v5FkdabRN9ssugkEkygDJMMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wycz5DnGVIywU467a7gmql8uL29FYGmIDOKp8zvRFgg=; b=CWzoWqGcBUOfARhVL9hJFFlgYUq0hlf7yf27x4m11i/0Z8IIevFDMnwds7BkkkFtHwO78XCBKJQTKvsY4gaY0Rpt9bPOrLSq4gcNMSSp8sstAmqXcStNdMCASWpdG9Mbugcp1lJ8YMdR+u9MkdSRIR/psl6eaJLWFPD4Xi49a+qiWw2LuoN8Z8sgB84Vpe/Eh/cu93VYETdDdPwj82EhlCofpsZ8CSPl5LKKi6D+j2yb1t5cWZbF4i685b7YhaEj7fW5+G59yRUQGP+c9V3/zkF0CNvBK/C16jgdIBRxHQ+ovWEZmf0MBth24RPG3EmRbvL6e2ByleJka+3cHUBG+Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.onmicrosoft.com; s=selector2-citrix-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wycz5DnGVIywU467a7gmql8uL29FYGmIDOKp8zvRFgg=; b=o30pPP/T9AT+7fPAjAGOnK9z4Ku7naPI+SNVlxoapVk5buIFfAyn3zs3ozLyuJZJqKqI73BzYVLNmmLOaR7youE5e8g4fsfTIjCKDnZpuZ6LKZJXHO6n1Bb8fkYUyDGesa2U6VKljquO1A7T2r170xQnolMo8v9aVZ+wJKjR8fM= From: Roger Pau Monne <roger.pau@citrix.com> To: <xen-devel@lists.xenproject.org> CC: Roger Pau Monne <roger.pau@citrix.com>, Jan Beulich <jbeulich@suse.com>, Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>, "George Dunlap" <george.dunlap@citrix.com>, Julien Grall <julien@xen.org>, "Stefano Stabellini" <sstabellini@kernel.org> Subject: [PATCH v3 3/3] x86/Kconfig: introduce option to select retpoline usage Date: Fri, 18 Feb 2022 15:34:16 +0100 Message-ID: <20220218143416.34475-4-roger.pau@citrix.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220218143416.34475-1-roger.pau@citrix.com> References: <20220218143416.34475-1-roger.pau@citrix.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-ClientProxiedBy: LO4P123CA0260.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:194::13) To DS7PR03MB5608.namprd03.prod.outlook.com (2603:10b6:5:2c9::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 53b7cb76-8d17-4e83-7eae-08d9f2ebc9a5 X-MS-TrafficTypeDiagnostic: DS7PR03MB5543:EE_ X-Microsoft-Antispam-PRVS: <DS7PR03MB554304D47216A2FD6ED186958F379@DS7PR03MB5543.namprd03.prod.outlook.com> X-MS-Oob-TLC-OOBClassifiers: OLM:3968; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: TyQkV81lnCAkpdI5B+Z8R7wYQFiYppun/JrNeq+P67tgyWk0Z9yCPiciyvIBy+UjbbeacuBrFjUrKkcIkNpy32gWNJk9vswWsu+uZ2Bfa5PZfBC/DAItgZeh4YwzhoUayYY2WnLPrC8a2cOAPKAdBdCWhJ9HMUuqO6u5I6qx0LAYYnt0dW+rGKdZ9dnAlNWWmC+ZKCwdshaJ36GNhfN+HKnPOHK94YIrsN+klxfEYJaVjOUg6fJl6xK6t1s+EXCyLt/xH9QAFAH7ghpZYnnArokq1rNHPj8ymTg3xq5gZa8ktdWUQ75cTB/FLVpumXNauAjxYGCxzEwSEqDFKhpmFYBe0AtFgkw+9AN9enm/U3SsmkATUDNtvXu277KmeNgSWBQW9YMcEg1A+33YQnQ/W58LlH7A9HkSIVh/kI2jTELeo4i4zY6i2b1r01nwRGbDjOUuWjG7wkNmPXWkczvaX5UnHs6jl9Re1PTCjibVfIxewVrGFyg7/+8vX7Lnamt77ENyZioE9/IiCsMVPqIWOq2v2Gunx+cz0Cp9oH8Ll+b+VjF3cV08g82k4XKew8hIEGZOzY6ZgoRNmFe8u29mKYuh1izvBuYcL2HZdEeJXwmjy8DV+XYRUmo5nt/SOaihYyaUKr6Yc5gzH1RThvQeYQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS7PR03MB5608.namprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(86362001)(6512007)(36756003)(82960400001)(8936002)(26005)(1076003)(6486002)(8676002)(6666004)(6916009)(2616005)(66946007)(5660300002)(2906002)(54906003)(66476007)(316002)(66556008)(83380400001)(4326008)(508600001)(6506007)(186003)(38100700002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?N85oz+KYLHfxG0nDX7jcneuqedYb?= =?utf-8?q?RvUzVKlJL6LDb4hXl0cW0sCcJEb/dECaQzkWY9SEORLbLzSmIKzU/lyy1GZ++2bqV?= =?utf-8?q?Ib/e7E6IyJ5htr6vaQb5fUa/P0YXB1ljWgNG0+LIZPhosOIp2crD67+nvmoe9mY7r?= =?utf-8?q?3B2F7Y7/aDmsoWRDnkfSVguwTknWiTU2llE455C1DJaA0oeVYOuKJOA4oczuPNT1S?= =?utf-8?q?LX4T44hjzz0PxokX/PO8t2dnMTFSfERttmoB8B4YKLGhri/2reYocHja5YvfR4x6f?= =?utf-8?q?auHwKu87SjAmaSdq/53ujB/iq4j6ovsEuaGYNWvLku9y9JIOFe+Tvf8jrwpBFEPAn?= =?utf-8?q?WF7cxKi069jevG12BbzBLiPKtMwoqMeYccADzTTq09r4eysRDG1cCNtOH1CIGvcaD?= =?utf-8?q?VkAWwk6OwGCZCdZR2+ZrYhxVjKHrvCDFiFqbjYfPfVEYofiA8H80KDP8841zRTRWF?= =?utf-8?q?rmyLCk7/bfSD5a/nZbInAI0V3bh7B/CBVSINT3DSwSmj+2djp15npI6KKB1v8KDpP?= =?utf-8?q?qgau5ifZjSYZnwd9bUguOdosc+DNGob5acOSYNiY3IFavt0bwhtLJuVQdrFnsf9NW?= =?utf-8?q?Oxx19307j5Tx8nbiM0drz3zQGM2BtQ/4GRloT2ZJsTSwh3XGbQt5L716QwJoaRgwD?= =?utf-8?q?g2w+/iBesMN0fi+/sFNjFQhj22+VUfO5SuXzOyWEWgd1GBofuduTaJTcEgp7Dj56X?= =?utf-8?q?E/dOWidTfIC6qVdMRIzR5upzusfCocJcqjyNxL+pgDVmBJRXSo1/uNbPchMeUzV1y?= =?utf-8?q?gOYgLeZxDSpFQAdyGhbi+W+8Cb829TpAxwVaG3GJl+t2lcDS3hrRtVdETN1A4gXWm?= =?utf-8?q?SWzwk/3kUHzBU41Z0Bjo+S62HGk1gZanCMksI1/HYmCl6Pr/joA9VhEJN1jdPkk3P?= =?utf-8?q?iOWOA9VQa1HJRkwi/5x9pAYuE9TLC7Zhc6VlfgxPGydQ9fFFdYX2A+rFTCtQi9Fcy?= =?utf-8?q?VloioIryQyMAhSyBJfkXbNWsWo2O4MEJ38OEEgwgOtiq0Bz/FNjJ+gv04aT+E8fb5?= =?utf-8?q?QJL+BrucF+Fj8/ACqthOEG+Iq27OCu+iSmV66Vbb6+wzJEXrJDoG19jh69cQCUVdP?= =?utf-8?q?sWfRKeiCe7hO1P9iwb312RXRTtQRq9umErJVdxmsudcxt6tpC+dJW1iKcwpzfZpzB?= =?utf-8?q?d2ttfaha0WGzJeLLdUDn6cHW3I/RTzUb+38GUWtMvKo0NnbOgb3DRsV3T3W49vJLk?= =?utf-8?q?BrbRc0jipKc8C/QmEroea49owsXs0rj064zHztAi+ItUfj1PJQK0nwDBg46gmjAqd?= =?utf-8?q?rZiWn/7ZG2BzS488/5JKis9xaqq6FZofesbNmDGnP7/9RF30jDbc5bhiyMH+6+/p3?= =?utf-8?q?mWsRSFiCT2m7hu9mgHFan/flAiV0M9MWbusEjE5fOA6geg8qvA+tZbDdXALbxV/vW?= =?utf-8?q?SsSvtjgyYxI57JUlI6+tK8l3YdLuujYyRRj4094jMxcJSRwqHC7W+30D3yyUpw9kD?= =?utf-8?q?sYsLcCG4SJH0sBwZgX0QqwZZaXQJ1YUFRSPRRGDN3IZ2DphZE4ykj2Ka13vjJqf3W?= =?utf-8?q?NtsCPt9PMvv6Wotha8uW3eVVvaSxMs8QRKwyVlX99s/eqoDfspJOZcE=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 53b7cb76-8d17-4e83-7eae-08d9f2ebc9a5 X-MS-Exchange-CrossTenant-AuthSource: DS7PR03MB5608.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2022 14:34:36.7843 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 335836de-42ef-43a2-b145-348c2ee9ca5b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 734ro5G1d620ojDR8cd6Qn96yFTe1tRmMMeyd1kNENBudn6iOvgy0NwEDUBnO0RFf/VZCa3apAmZhbOQwdm+qw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR03MB5543 X-OriginatorOrg: citrix.com |
| Series |
retpoline: add clang support + Kconfig selectable
|
expand
|
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index f8dca4dc85..eb4d1a949f 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -36,11 +36,6 @@ config CC_INDIRECT_THUNK def_bool $(cc-option,-mindirect-branch-register) || \ $(cc-option,-mretpoline-external-thunk) - -config INDIRECT_THUNK - def_bool y - depends on CC_INDIRECT_THUNK - config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index db687b1785..533b8f33e6 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -85,6 +85,20 @@ config STATIC_MEMORY menu "Speculative hardening" +config INDIRECT_THUNK + bool "Speculative Branch Target Injection Protection" + depends on CC_INDIRECT_THUNK + default y + help + Contemporary processors may use speculative execution as a + performance optimisation, but this can potentially be abused by an + attacker to leak data via speculative sidechannels. + + One source of data leakage is via branch target injection. + + When enabled, indirect branches are implemented using a new construct + called "retpoline" that prevents speculation. + config SPECULATIVE_HARDEN_ARRAY bool "Speculative Array Hardening" default y
Add a new Kconfig option under the "Speculative hardening" section that allows selecting whether to enable retpoline. This depends on the underlying compiler having retpoline support. Requested-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> --- Changes since v2: - Place first in the section. - Remove "If unsure". Changes since v1: - Fix description of option to use indirect branches instead of indirect calls. --- xen/arch/x86/Kconfig | 5 ----- xen/common/Kconfig | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 5 deletions(-)