On 01.10.2019 17:52, Andrew Cooper wrote: > On 01/10/2019 15:48, Jan Beulich wrote: >> On 01.10.2019 16:32, Andrew Cooper wrote: >>> There are legitimate circumstance where array hardening is not wanted or >>> needed. Allow it to be turned off. >>> >>> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> >> Reviewed-by: Jan Beulich <jbeul...@suse.com> >> with one more question (I'm sorry, I meant to ask on v1 but then >> forgot): >> >>> --- a/xen/common/Kconfig >>> +++ b/xen/common/Kconfig >>> @@ -77,6 +77,30 @@ config HAS_CHECKPOLICY >>> string >>> option env="XEN_HAS_CHECKPOLICY" >>> >>> +menu "Speculative hardening" >>> + >>> +config SPECULATIVE_HARDEN_ARRAY >>> + bool "Speculative Array Hardening" >>> + default y >> Are you/we convinced it is a good idea to expose this without EXPERT >> qualifier? I know you dislike that entire model, but our common >> grounds still are - afaict - that we don't want a proliferation of >> (security) supported configuration variations. > > Its not EXPERT I dislike. Having a CONFIG_EXPERT just like Linux has > would be fine. Its the fact that it will silently revert behind your > back if an environment variable is missing which is what makes the > behaviour toxic for people to use. > > That aside, I don't think this warrants expert. It is best-effort-only > mitigation, which on the balance of probability is not complete, which > can safely be turned off based on a risk assessment of the target CPU > and environment.
I mostly agree with this; the question though was more towards whether this is a good enough reason to set a(nother) precedent of an EXPERT- less option, when we try to have as few of them as possible. Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
