From: Roger Pau Monne <roger.pau@citrix.com>
Date: Fri, 18 Feb 2022 14:34:16 +0000 (+0100)
Subject: x86/Kconfig: introduce option to select retpoline usage
X-Git-Tag: archive/raspbian/4.17.0-1+rpi1^2~33^2~997
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=95d9ab461436;p=xen.git

x86/Kconfig: introduce option to select retpoline usage

Add a new Kconfig option under the "Speculative hardening" section
that allows selecting whether to enable retpoline. This depends on the
underlying compiler having retpoline support.

Requested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 1465874097..41198b0f96 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -36,10 +36,6 @@ config CC_HAS_INDIRECT_THUNK
 	def_bool $(cc-option,-mindirect-branch-register) || \
 	         $(cc-option,-mretpoline-external-thunk)
 
-config INDIRECT_THUNK
-	def_bool y
-	depends on CC_HAS_INDIRECT_THUNK
-
 config HAS_AS_CET_SS
 	# binutils >= 2.29 or LLVM >= 6
 	def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index db687b1785..6443943889 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -85,6 +85,20 @@ config STATIC_MEMORY
 
 menu "Speculative hardening"
 
+config INDIRECT_THUNK
+	bool "Speculative Branch Target Injection Protection"
+	depends on CC_HAS_INDIRECT_THUNK
+	default y
+	help
+	  Contemporary processors may use speculative execution as a
+	  performance optimisation, but this can potentially be abused by an
+	  attacker to leak data via speculative sidechannels.
+
+	  One source of data leakage is via branch target injection.
+
+	  When enabled, indirect branches are implemented using a new construct
+	  called "retpoline" that prevents speculation.
+
 config SPECULATIVE_HARDEN_ARRAY
 	bool "Speculative Array Hardening"
 	default y