Re: [PATCH v4 1/2] xen: EXPERT clean-up and introduce UNSUPPORTED

[Stefano Stabellini <sstabellini@xxxxxxxxxx>]

On Tue, 26 Jan 2021, Julien Grall wrote:
> Hi Stefano,
> 
> On 25/01/2021 21:27, Stefano Stabellini wrote:
> >   config ARM_SSBD
> > -   bool "Speculative Store Bypass Disable" if EXPERT
> > +   bool "Speculative Store Bypass Disable (UNSUPPORTED)" if UNSUPPORTED
> >     depends on HAS_ALTERNATIVE
> >     default y
> >     help
> > @@ -87,7 +87,7 @@ config ARM_SSBD
> >       If unsure, say Y.
> >     config HARDEN_BRANCH_PREDICTOR
> > -   bool "Harden the branch predictor against aliasing attacks" if EXPERT
> > +   bool "Harden the branch predictor against aliasing attacks
> > (UNSUPPORTED)" if UNSUPPORTED
> >     default y
> >     help
> >       Speculation attacks against some high-performance processors rely on
> 
> I read through the back and forth between Bertrand and Jan about
> "UNSUPPORTED". However, I still don't understand why those two options are
> moved to UNSUPPORTED.
> 
> Both options will only build the code to enable the mitigation. The decision
> is still based on the processor you are running on.
> 
> In addition to that, ARM_SSBD can also be forced enabled/disabled on the
> command line.

Yes, you are right. HARDEN_BRANCH_PREDICTOR and ARM_SSBD should remain
EXPERT as they are today. It was a mistake to change them to
UNSUPPORTED.


> A user may want to compile out the code if the target processor is not the
> affected by the two issues. This wouldn't be much different to Xen deciding to
> not enabling the mitigation.
> 
> I would view the two options as supported but not security supported. So this
> seems to fit exactly in the definition of EXPERT rather than UNSUPPORTED.

Yes, I'll leave them unmodified.