Add a new Kconfig option under the "Speculative hardening" section
that allows selecting whether to enable retpoline. This depends on the
underlying compiler having retpoline support.
Requested-by: Andrew Cooper <andrew.coop...@citrix.com>
Signed-off-by: Roger Pau Monné <roger....@citrix.com>
---
Changes since v2:
- Place first in the section.
- Remove "If unsure".
Changes since v1:
- Fix description of option to use indirect branches instead of
indirect calls.
---
xen/arch/x86/Kconfig | 5 -----
xen/common/Kconfig | 14 ++++++++++++++
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index f8dca4dc85..eb4d1a949f 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -36,11 +36,6 @@ config CC_INDIRECT_THUNK
def_bool $(cc-option,-mindirect-branch-register) || \
$(cc-option,-mretpoline-external-thunk)
-
-config INDIRECT_THUNK
- def_bool y
- depends on CC_INDIRECT_THUNK
-
config HAS_AS_CET_SS
# binutils >= 2.29 or LLVM >= 6
def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index db687b1785..533b8f33e6 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -85,6 +85,20 @@ config STATIC_MEMORY
menu "Speculative hardening"
+config INDIRECT_THUNK
+ bool "Speculative Branch Target Injection Protection"
+ depends on CC_INDIRECT_THUNK
+ default y
+ help
+ Contemporary processors may use speculative execution as a
+ performance optimisation, but this can potentially be abused by an
+ attacker to leak data via speculative sidechannels.
+
+ One source of data leakage is via branch target injection.
+
+ When enabled, indirect branches are implemented using a new construct
+ called "retpoline" that prevents speculation.
+
config SPECULATIVE_HARDEN_ARRAY
bool "Speculative Array Hardening"
default y
--
2.34.1
