On 01/10/2019 16:58, Jan Beulich wrote: > On 01.10.2019 17:52, Andrew Cooper wrote: >> On 01/10/2019 15:48, Jan Beulich wrote: >>> On 01.10.2019 16:32, Andrew Cooper wrote: >>>> There are legitimate circumstance where array hardening is not wanted or >>>> needed. Allow it to be turned off. >>>> >>>> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> >>> Reviewed-by: Jan Beulich <jbeul...@suse.com> >>> with one more question (I'm sorry, I meant to ask on v1 but then >>> forgot): >>> >>>> --- a/xen/common/Kconfig >>>> +++ b/xen/common/Kconfig >>>> @@ -77,6 +77,30 @@ config HAS_CHECKPOLICY >>>> string >>>> option env="XEN_HAS_CHECKPOLICY" >>>> >>>> +menu "Speculative hardening" >>>> + >>>> +config SPECULATIVE_HARDEN_ARRAY >>>> + bool "Speculative Array Hardening" >>>> + default y >>> Are you/we convinced it is a good idea to expose this without EXPERT >>> qualifier? I know you dislike that entire model, but our common >>> grounds still are - afaict - that we don't want a proliferation of >>> (security) supported configuration variations. >> Its not EXPERT I dislike. Having a CONFIG_EXPERT just like Linux has >> would be fine. Its the fact that it will silently revert behind your >> back if an environment variable is missing which is what makes the >> behaviour toxic for people to use. >> >> That aside, I don't think this warrants expert. It is best-effort-only >> mitigation, which on the balance of probability is not complete, which >> can safely be turned off based on a risk assessment of the target CPU >> and environment. > I mostly agree with this; the question though was more towards whether > this is a good enough reason to set a(nother) precedent of an EXPERT- > less option, when we try to have as few of them as possible.
Remember that it is only you who is striving to have 0 EXPERT-less options. It is not a view shared by everyone, and is certainly not a stated goal of our Kconfig setup. This is an option which is safe to flip, and will want to be flipped by users in some circumstances. Hiding it doesn't seem like a reasonable thing to do. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
