On 01.10.2019 16:32, Andrew Cooper wrote: > There are legitimate circumstance where array hardening is not wanted or > needed. Allow it to be turned off. > > Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
Reviewed-by: Jan Beulich <jbeul...@suse.com> with one more question (I'm sorry, I meant to ask on v1 but then forgot): > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -77,6 +77,30 @@ config HAS_CHECKPOLICY > string > option env="XEN_HAS_CHECKPOLICY" > > +menu "Speculative hardening" > + > +config SPECULATIVE_HARDEN_ARRAY > + bool "Speculative Array Hardening" > + default y Are you/we convinced it is a good idea to expose this without EXPERT qualifier? I know you dislike that entire model, but our common grounds still are - afaict - that we don't want a proliferation of (security) supported configuration variations. Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
