On 13.08.2024 19:13, Ayan Kumar Halder wrote: > From: Penny Zheng <penny.zh...@arm.com> > > Introduced CONFIG_VMAP which is selected by the architectures that use > MMU. vm_init() does not do anything if CONFIG_VMAP is not enabled. > > VMAP is widely used in ALTERNATIVE feature to remap a range of memory > with new memory attributes. Since this is highly dependent on virtual > address translation, we choose to fold VMAP in MMU system. > > In this patch, we introduce a new Kconfig CONFIG_HAS_VMAP, and make it > only support in MMU system on ARM architecture. And ALTERNATIVE now > depends on VMAP. > > HARDEN_BRANCH_PREDICTOR is now gated on HAS_VMAP as speculative > attacks are not possible on non MMU based systems (ie Cortex-R52, R82). > See > https://developer.arm.com/Arm%20Security%20Center/Speculative%20Processor%20Vulnerability.
While I'm not an Arm expert and hence I'm likely missing aspects, I question the one (Spectre-BHB) vulnerability there to be sufficient to draw a conclusion towards the usefulness of branch hardening. I would advise against encoding such a connection in the Kconfig dependencies. > --- a/xen/arch/x86/Kconfig > +++ b/xen/arch/x86/Kconfig > @@ -1,6 +1,7 @@ > config X86_64 > def_bool y > select 64BIT > + select HAS_VMAP > > config X86 > def_bool y > @@ -31,6 +32,7 @@ config X86 > select HAS_UBSAN > select HAS_VPCI if HVM > select NEEDS_LIBELF > + select HAS_VMAP Why in two places? Also please respect alphabetic sorting here (if this hunk is kept, which may be the more consistent approach) ... > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -77,6 +77,9 @@ config HAS_PIRQ > config HAS_PMAP > bool > > +config HAS_VMAP > + bool > + > config HAS_SCHED_GRANULARITY > bool ... and here. Jan
