
Re: [PATCH v4 1/2] xen: EXPERT clean-up and introduce UNSUPPORTED


  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Tue, 26 Jan 2021 14:23:28 +0000
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "iwj@xxxxxxxxxxxxxx" <iwj@xxxxxxxxxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, "wl@xxxxxxx" <wl@xxxxxxx>
  • Delivery-date: Tue, 26 Jan 2021 14:24:21 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Julien,

> On 26 Jan 2021, at 13:51, Julien Grall <julien@xxxxxxx> wrote:
> 
> Hi Stefano,
> 
> On 25/01/2021 21:27, Stefano Stabellini wrote:
>>  config ARM_SSBD
>> -    bool "Speculative Store Bypass Disable" if EXPERT
>> +    bool "Speculative Store Bypass Disable (UNSUPPORTED)" if UNSUPPORTED
>>      depends on HAS_ALTERNATIVE
>>      default y
>>      help
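
Review bot: on the `+` line for ARM_SSBD the "(UNSUPPORTED)" suffix is attached to an option that keeps `default y`, so the tag reads as if having the mitigation built in were unsupported, while the `if UNSUPPORTED` gate only controls whether the user is offered the choice to switch it off. Consider leaving the prompt text untagged, or saying in the help text that it is the non-default setting (n) that is not supported.
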
>> @@ -87,7 +87,7 @@ config ARM_SSBD
>>        If unsure, say Y.
>>    config HARDEN_BRANCH_PREDICTOR
>> -    bool "Harden the branch predictor against aliasing attacks" if EXPERT
>> +    bool "Harden the branch predictor against aliasing attacks 
>> (UNSUPPORTED)" if UNSUPPORTED
>>      default y
>>      help
>>        Speculation attacks against some high-performance processors rely on
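
Review bot: the switch from `if EXPERT` to `if UNSUPPORTED` on HARDEN_BRANCH_PREDICTOR carries no rationale in the visible lines and the help text is left untouched, so a reader of the Kconfig cannot tell why turning off a `default y` hardening option now needs UNSUPPORTED rather than EXPERT. Please state the criterion in the help text or commit message, or keep `if EXPERT` here.
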
> 
> I read through the back and forth between Bertrand and Jan about 
> "UNSUPPORTED". However, I still don't understand why those two options are 
> moved to UNSUPPORTED.

Discussion was more on what to do for options which have a default y and can 
only be turned off with UNSUPPORTED or EXPERT selected.

> 
> Both options will only build the code to enable the mitigation. The decision 
> is still based on the processor you are running on.
> 
> In addition to that, ARM_SSBD can also be forced enabled/disabled on the 
> command line.
> 
> A user may want to compile out the code if the target processor is not 
> affected by the two issues. This wouldn't be much different to Xen deciding 
> to not enable the mitigation.
> 
> I would view the two options as supported but not security supported. So this 
> seems to fit exactly in the definition of EXPERT rather than UNSUPPORTED.

I think you are right here, not security supported should be only available to 
EXPERT.

Cheers
Bertrand

> 
> Cheers,
> 
> -- 
> Julien Grall
> 
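
An added example, not part of the thread and not Xen's own tooling: a small Python check that lists Kconfig options which default to y and whose prompt is hidden behind EXPERT or UNSUPPORTED, the situation discussed in this message. The sample Kconfig text is constructed from the quoted entries, EXAMPLE_FEATURE and the function names are hypothetical, and the parser handles only simple single-line prompts.

```python
import re

# Constructed sample modelled on the two entries quoted in the patch above
# (one with the old gate, one with the new); EXAMPLE_FEATURE is hypothetical.
SAMPLE_KCONFIG = '''\
config ARM_SSBD
    bool "Speculative Store Bypass Disable" if EXPERT
    depends on HAS_ALTERNATIVE
    default y

config HARDEN_BRANCH_PREDICTOR
    bool "Harden the branch predictor against aliasing attacks (UNSUPPORTED)" if UNSUPPORTED
    default y

config EXAMPLE_FEATURE
    bool "Always-visible example option"
    default n
'''

CONFIG_RE = re.compile(r'^\s*config\s+(\w+)\s*$')
PROMPT_RE = re.compile(r'^\s*(?:bool|tristate)\s+"([^"]*)"(?:\s+if\s+(.+?))?\s*$')
DEFAULT_RE = re.compile(r'^\s*default\s+(\S+)')

def parse_entries(text):
    """Return {symbol: {"prompt", "gate", "default"}} for simple config entries."""
    entries, cur = {}, None
    for line in text.splitlines():
        m = CONFIG_RE.match(line)
        if m:
            cur = entries.setdefault(
                m.group(1), {"prompt": None, "gate": None, "default": None})
        elif cur is not None and PROMPT_RE.match(line):
            # A prompt with "if X" is only shown (and editable) when X is set.
            cur["prompt"], cur["gate"] = PROMPT_RE.match(line).groups()
        elif cur is not None and cur["default"] is None and DEFAULT_RE.match(line):
            cur["default"] = DEFAULT_RE.match(line).group(1)
    return entries

def gated_default_on(text, gates=("EXPERT", "UNSUPPORTED")):
    """Symbols that default to y and can be changed only when a gate is set."""
    return {sym: e["gate"] for sym, e in parse_entries(text).items()
            if e["default"] == "y" and e["gate"] in gates}

if __name__ == "__main__":
    for sym, gate in gated_default_on(SAMPLE_KCONFIG).items():
        print(f"{sym}: built in by default, can be compiled out only with {gate}=y")
```
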
