Add a new Kconfig option under the "Speculative hardening" section that allows selecting whether to enable retpoline. This depends on the underlying compiler having retpoline support.
Requested-by: Andrew Cooper <andrew.coop...@citrix.com> Signed-off-by: Roger Pau Monné <roger....@citrix.com> --- Changes since v2: - Place first in the section. - Remove "If unsure". Changes since v1: - Fix description of option to use indirect branches instead of indirect calls. --- xen/arch/x86/Kconfig | 5 ----- xen/common/Kconfig | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index f8dca4dc85..eb4d1a949f 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -36,11 +36,6 @@ config CC_INDIRECT_THUNK def_bool $(cc-option,-mindirect-branch-register) || \ $(cc-option,-mretpoline-external-thunk) - -config INDIRECT_THUNK - def_bool y - depends on CC_INDIRECT_THUNK - config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index db687b1785..533b8f33e6 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -85,6 +85,20 @@ config STATIC_MEMORY menu "Speculative hardening" +config INDIRECT_THUNK + bool "Speculative Branch Target Injection Protection" + depends on CC_INDIRECT_THUNK + default y + help + Contemporary processors may use speculative execution as a + performance optimisation, but this can potentially be abused by an + attacker to leak data via speculative sidechannels. + + One source of data leakage is via branch target injection. + + When enabled, indirect branches are implemented using a new construct + called "retpoline" that prevents speculation. + config SPECULATIVE_HARDEN_ARRAY bool "Speculative Array Hardening" default y -- 2.34.1