On 01/10/2019 15:48, Jan Beulich wrote:
> On 01.10.2019 16:32, Andrew Cooper wrote:
>> There are legitimate circumstances where array hardening is not wanted or
>> needed.  Allow it to be turned off.
>>
>> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
> Reviewed-by: Jan Beulich <jbeul...@suse.com>
> with one more question (I'm sorry, I meant to ask on v1 but then
> forgot):
>
>> --- a/xen/common/Kconfig
>> +++ b/xen/common/Kconfig
>> @@ -77,6 +77,30 @@ config HAS_CHECKPOLICY
>>      string
>>      option env="XEN_HAS_CHECKPOLICY"
>>  
>> +menu "Speculative hardening"
>> +
>> +config SPECULATIVE_HARDEN_ARRAY
>> +    bool "Speculative Array Hardening"
>> +    default y
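Review bot: the quoted lines of this hunk declare `config SPECULATIVE_HARDEN_ARRAY` with `bool "Speculative Array Hardening"` and `default y` but no `help` block, and the `menu "Speculative hardening"` opened above it has no `endmenu` in view. The header `@@ -77,6 +77,30 @@` accounts for 24 added lines and only five are quoted here, so both may sit in the elided remainder; if the help text is not there, add one stating what the reply in this thread argues, that this is a best-effort mitigation which may be disabled after a risk assessment of the target CPU and environment, so that the trade-off is visible to whoever toggles it in the config rather than only in this thread.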
> Are you/we convinced it is a good idea to expose this without an EXPERT
> qualifier? I know you dislike that entire model, but our common
> grounds still are - afaict - that we don't want a proliferation of
> (security) supported configuration variations.

It's not EXPERT I dislike.  Having a CONFIG_EXPERT just like Linux has
would be fine.  It's the fact that it will silently revert behind your
back if an environment variable is missing that makes the behaviour
toxic for people to use.

That aside, I don't think this warrants expert.  It is a best-effort-only
mitigation, which on the balance of probability is not complete, and which
can safely be turned off based on a risk assessment of the target CPU
and environment.

~Andrew
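To make concrete what the option in the patch actually switches on and off, here is an added example (not Xen's code and not taken from the patch) modelling the usual form of speculative array hardening: a branchless mask that clamps an index to zero when it is out of range, so that a CPU speculating past the architectural bounds check still loads from inside the array. The assumptions are that the hardening takes this mask-clamp form, that `CONFIG_SPECULATIVE_HARDEN_ARRAY` is the symbol from the hunk above (defined here to model `default y`; remove the define to model it turned off), and that the names `table`, `lookup` and `speculated_load` are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

/* Models the Kconfig option from the patch, defaulting to enabled.
 * Comment this out to see what "turned off" means for the code below. */
#define CONFIG_SPECULATIVE_HARDEN_ARRAY 1

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/*
 * Returns ~0UL when index < size and 0 otherwise, without a branch.
 * If index < size, both `index` and `size - 1 - index` have the top bit
 * clear, so their OR does too; inverting sets it and an arithmetic shift
 * smears it into an all-ones mask.  If index >= size, `size - 1 - index`
 * wraps and sets the top bit, giving a zero mask.
 * Assumes size <= LONG_MAX and a compiler that implements >> on a
 * negative long as an arithmetic shift (gcc and clang do).
 */
static inline unsigned long array_index_mask_nospec(unsigned long index,
                                                    unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* The hardened index: unchanged when in range, forced to 0 when not. */
static inline unsigned long array_index_nospec(unsigned long index,
                                               unsigned long size)
{
#ifdef CONFIG_SPECULATIVE_HARDEN_ARRAY
    return index & array_index_mask_nospec(index, size);
#else
    return index;   /* hardening off: only the architectural check remains */
#endif
}

#define TABLE_SIZE 8
/* Constructed sample data: table[i] == 0x10 * (i + 1). */
static const unsigned char table[TABLE_SIZE] = {
    0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
};

/* Architecturally correct lookup: returns the entry, or -1 when out of range. */
int lookup(unsigned long idx)
{
    if (idx >= TABLE_SIZE)
        return -1;                      /* this branch can be mispredicted */
    idx = array_index_nospec(idx, TABLE_SIZE);
    return table[idx];
}

/*
 * Models the path a mis-speculating CPU takes: the bounds check above
 * is treated as passed, and only the clamp stands between idx and the
 * load.  With the option enabled an out-of-range idx reads table[0];
 * with it disabled this is an out-of-bounds read, which is exactly the
 * exposure the Kconfig option trades away.
 */
int speculated_load(unsigned long idx)
{
    return table[array_index_nospec(idx, TABLE_SIZE)];
}

int main(void)
{
    printf("lookup(5)               = 0x%02x\n", lookup(5));
    printf("lookup(8)               = %d\n", lookup(8));
    printf("array_index_nospec(1000)= %lu\n",
           array_index_nospec(1000, TABLE_SIZE));
    printf("speculated_load(1000)   = 0x%02x\n", speculated_load(1000));
    return 0;
}
```

With the define present, `speculated_load(1000)` returns `table[0]`; with it removed the same call indexes 1000 bytes past the table, which is the concrete difference between the two configurations this thread is deciding how to expose.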

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel