On Thu, Feb 17, 2022 at 10:07:32AM +0100, Jan Beulich wrote: > On 16.02.2022 17:21, Roger Pau Monne wrote: > > Add a new Kconfig option under the "Speculative hardening" section > > that allows selecting whether to enable retpoline. This depends on the > > underlying compiler having retpoline support. > > > > Requested-by: Andrew Cooper <andrew.coop...@citrix.com> > > Signed-off-by: Roger Pau Monné <roger....@citrix.com> > > Reviewed-by: Jan Beulich <jbeul...@suse.com> > > There's one aspect though which I would like to see Arm maintainer > input on: > > > --- a/xen/arch/x86/Kconfig > > +++ b/xen/arch/x86/Kconfig > > @@ -38,10 +38,6 @@ config GCC_INDIRECT_THUNK > > config CLANG_INDIRECT_THUNK > > def_bool $(cc-option,-mretpoline-external-thunk) > > > > -config INDIRECT_THUNK > > - def_bool y > > - depends on GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK > > Moving this ... > > > --- a/xen/common/Kconfig > > +++ b/xen/common/Kconfig > > @@ -146,6 +146,22 @@ config SPECULATIVE_HARDEN_GUEST_ACCESS > > > > If unsure, say Y. > > > > +config INDIRECT_THUNK > > + bool "Speculative Branch Target Injection Protection" > > + depends on X86 && (GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK) > > ... here despite being explicitly marked x86-specific looks a > little odd. Since the dependencies are x86-specific, dropping > X86 from here would make my slight concern go away.
Right - I've added the X86 because I was concerned about GCC or CLANG also exposing the repoline options on Arm, but that's not an issue because the compiler tests are only done for x86 anyway. Feel free to drop the 'X86 &&' and the parentheses if you wish. Otherwise I can resend if you prefer. Thanks, Roger.
