[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v4 1/2] xen: EXPERT clean-up and introduce UNSUPPORTED
- To: Julien Grall <julien@xxxxxxx>
- From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
- Date: Tue, 26 Jan 2021 14:23:28 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XTx/eoR77d/6vQZXnSmBfeszOpLOAqTA4K5kQT35Kiw=; b=AnRvKlyEr6DZxDJOKA46MZOMCd0c+pYAbChFYuiT7de0hjY8s3GPuDqqK1TZAggRPRXzgYlSpSmHpvFGA7pGo0+4ozio4frFvxlQBVDV4U6wN8TczgwbPOqy3ZXMdY7VVnPiT6ZnOQ7GwvgkfHKG/igo6z/hay3LLrhzHnS7oNp76YdKInXRYdfyp0uCHwLNE+ZY5PL6DAgGS3RruACxbzf9ttER47t5xQonSn9avJ3LTqd/iJMma1rT9NR+McWMiGEHjpJc+JrnEZABjkYNE55WFADxzUTrp50MplOjcxTk4sTHAJ5QM6UUMQskZvtNWOkP5QFRYUmQyIeTmLZgLw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nhE8UH6piz7YCAogjMKC8LpvDOh8SsdwDPs//FyRD+mr0g9K54TRKE9xF0AqPAwoO5cmf8HPHnBNIvsEGGB0rXjkqinuF+Fikw5DHj3tFLdb7/Yli5ThurJZS6qt4WgG7vZws5Evxrqfsr72VnKFxvQPH9Zl5amXRcGneW5xcYy8c5R9hzkR98Xkj0hS2cua6tPfe63caRGihdiQmY2+h8LxYQ0jb6e0f9dxmDBiiN8E5e0W2JQXvU+p0xhT89WNheaWphJW268+rmiOBV0YuiY3q6jrWNh5SxTMmy8GD6NPDdNgkzcFjYmpAGKslBCZnZ4VnYcHygWj0zjv4G/L6g==
- Authentication-results-original: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "iwj@xxxxxxxxxxxxxx" <iwj@xxxxxxxxxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, "wl@xxxxxxx" <wl@xxxxxxx>
- Delivery-date: Tue, 26 Jan 2021 14:24:21 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Nodisclaimer: true
- Original-authentication-results: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;
- Thread-index: AQHW82EN9R2ynrmbqk6EAVX0Oyalkao57c2AgAAJDwA=
- Thread-topic: [PATCH v4 1/2] xen: EXPERT clean-up and introduce UNSUPPORTED
Hi Julien,
> On 26 Jan 2021, at 13:51, Julien Grall <julien@xxxxxxx> wrote:
>
> Hi Stefano,
>
> On 25/01/2021 21:27, Stefano Stabellini wrote:
>> config ARM_SSBD
>> - bool "Speculative Store Bypass Disable" if EXPERT
>> + bool "Speculative Store Bypass Disable (UNSUPPORTED)" if UNSUPPORTED
>> depends on HAS_ALTERNATIVE
>> default y
>> help
>> @@ -87,7 +87,7 @@ config ARM_SSBD
>> If unsure, say Y.
>> config HARDEN_BRANCH_PREDICTOR
>> - bool "Harden the branch predictor against aliasing attacks" if EXPERT
>> + bool "Harden the branch predictor against aliasing attacks
>> (UNSUPPORTED)" if UNSUPPORTED
>> default y
>> help
>> Speculation attacks against some high-performance processors rely on
>
> I read through the back and forth between Bertrand and Jan about
> "UNSUPPORTED". However, I still don't understand why those two options are
> moved to UNSUPPORTED.
Discussion was more on what to do for options which have a default y and can
only be turned off with UNSUPPORTED or EXPERT selected.
>
> Both options will only build the code to enable the mitigation. The decision
> is still based on the processor you are running on.
>
> In addition to that, ARM_SSBD can also be forced enabled/disabled on the
> command line.
>
> A user may want to compile out the code if the target processor is not the
> affected by the two issues. This wouldn't be much different to Xen deciding
> to not enabling the mitigation.
>
> I would view the two options as supported but not security supported. So this
> seems to fit exactly in the definition of EXPERT rather than UNSUPPORTED.
I think you are right here, not security supported should be only available to
EXPERT.
Cheers
Bertrand
>
> Cheers,
>
> --
> Julien Grall
>
|