On 17.02.2022 11:34, Roger Pau Monné wrote: > On Thu, Feb 17, 2022 at 10:07:32AM +0100, Jan Beulich wrote: >> On 16.02.2022 17:21, Roger Pau Monne wrote: >>> Add a new Kconfig option under the "Speculative hardening" section >>> that allows selecting whether to enable retpoline. This depends on the >>> underlying compiler having retpoline support. >>> >>> Requested-by: Andrew Cooper <andrew.coop...@citrix.com> >>> Signed-off-by: Roger Pau Monné <roger....@citrix.com> >> >> Reviewed-by: Jan Beulich <jbeul...@suse.com> >> >> There's one aspect though which I would like to see Arm maintainer >> input on: >> >>> --- a/xen/arch/x86/Kconfig >>> +++ b/xen/arch/x86/Kconfig >>> @@ -38,10 +38,6 @@ config GCC_INDIRECT_THUNK >>> config CLANG_INDIRECT_THUNK >>> def_bool $(cc-option,-mretpoline-external-thunk) >>> >>> -config INDIRECT_THUNK >>> - def_bool y >>> - depends on GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK >> >> Moving this ... >> >>> --- a/xen/common/Kconfig >>> +++ b/xen/common/Kconfig >>> @@ -146,6 +146,22 @@ config SPECULATIVE_HARDEN_GUEST_ACCESS >>> >>> If unsure, say Y. >>> >>> +config INDIRECT_THUNK >>> + bool "Speculative Branch Target Injection Protection" >>> + depends on X86 && (GCC_INDIRECT_THUNK || CLANG_INDIRECT_THUNK) >> >> ... here despite being explicitly marked x86-specific looks a >> little odd. Since the dependencies are x86-specific, dropping >> X86 from here would make my slight concern go away. > > Right - I've added the X86 because I was concerned about GCC or CLANG > also exposing the repoline options on Arm, but that's not an issue > because the compiler tests are only done for x86 anyway. > > Feel free to drop the 'X86 &&' and the parentheses if you wish. > Otherwise I can resend if you prefer.
No need to resend just for this. Jan
