On Fri, Feb 19, 2021 at 03:08:13PM -0800, Jian Cai wrote: > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > index 269967c4fc1b..146b75a79d9e 100644 > --- a/security/Kconfig.hardening > +++ b/security/Kconfig.hardening > @@ -121,6 +121,16 @@ choice > > endchoice > > +config HARDEN_SLS_ALL > + bool "enable SLS vulnerability hardening" > + default n
Please get rid of this useless "default n" > + depends on $(cc-option,-mharden-sls=all) > + help > + Enables straight-line speculation vulnerability hardening on ARM and > ARM64 > + architectures. It inserts speculation barrier sequences (SB or DSB+ISB > + depending on the target architecture) after RET and BR, and replacing > + BLR with BL+BR sequence. Given that this is in an architecture independent Kconfig file, and it detects support in CC for this feature, why should this help text be written to be specific to a couple of architectures? Will this feature only ever be available on these two architectures? What if someone adds support for another architecture? -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
