[PATCH] xen/x86: drop dependency of XEN_SHSTK on EXPERT

Juergen Gross posted 1 patch 2 years, 1 month ago
Test gitlab-ci passed
Patches applied successfully
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20220309113441.22746-1-jgross@suse.com
xen/arch/x86/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH] xen/x86: drop dependency of XEN_SHSTK on EXPERT
Posted by Juergen Gross 2 years, 1 month ago
XEN_SHSTK should be on per default now that it is supported officially.
Only let the prompt depend on EXPERT.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 xen/arch/x86/Kconfig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 83d0f317ec..c166db3499 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -117,8 +117,8 @@ config HVM
 	  If unsure, say Y.
 
 config XEN_SHSTK
-	bool "Supervisor Shadow Stacks (EXPERT)"
-	depends on HAS_AS_CET_SS && EXPERT
+	bool "Supervisor Shadow Stacks" if EXPERT
+	depends on HAS_AS_CET_SS
 	default y
 	---help---
 	  Control-flow Enforcement Technology (CET) is a set of features in
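Review bot: The subject says the dependency on EXPERT is dropped, but in the XEN_SHSTK entry the prompt is still conditional (`bool "Supervisor Shadow Stacks" if EXPERT`), so with EXPERT off the option is invisible and simply takes `default y` whenever HAS_AS_CET_SS is set. That is a behaviour change for non-EXPERT builds: under the old `depends on HAS_AS_CET_SS && EXPERT` they could never have shadow stacks, and now they always get them with no prompt to deselect. The commit message should state this explicitly, and the subject would be more accurate if it said that XEN_SHSTK becomes enabled by default while only the prompt stays under EXPERT.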
-- 
2.34.1
Re: [PATCH] xen/x86: drop dependency of XEN_SHSTK on EXPERT
Posted by Jan Beulich 2 years, 1 month ago
On 09.03.2022 12:34, Juergen Gross wrote:
> XEN_SHSTK should be on per default now that it is supported officially.
> Only let the prompt depend on EXPERT.
> 
> Signed-off-by: Juergen Gross <jgross@suse.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>

> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -117,8 +117,8 @@ config HVM
>  	  If unsure, say Y.
>  
>  config XEN_SHSTK
> -	bool "Supervisor Shadow Stacks (EXPERT)"
> -	depends on HAS_AS_CET_SS && EXPERT
> +	bool "Supervisor Shadow Stacks" if EXPERT
> +	depends on HAS_AS_CET_SS

While I think it's better this way, if others thought the dependency
should be dropped altogether, I wouldn't mind.

Jan
Re: [PATCH] xen/x86: drop dependency of XEN_SHSTK on EXPERT
Posted by Andrew Cooper 2 years, 1 month ago
On 09/03/2022 11:34, Juergen Gross wrote:
> XEN_SHSTK should be on per default now that it is supported officially.
> Only let the prompt depend on EXPERT.
>
> Signed-off-by: Juergen Gross <jgross@suse.com>
> ---
>  xen/arch/x86/Kconfig | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
> index 83d0f317ec..c166db3499 100644
> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -117,8 +117,8 @@ config HVM
>  	  If unsure, say Y.
>  
>  config XEN_SHSTK
> -	bool "Supervisor Shadow Stacks (EXPERT)"
> -	depends on HAS_AS_CET_SS && EXPERT
> +	bool "Supervisor Shadow Stacks" if EXPERT

It has previously been stated that anything hidden behind expert is not
supported.  shstk is sure as hell supported when compiled off, because
that's been the status quo so far.

It's also wrong for shstk to be handled differently to IBT.

Most importantly however, it is simply obstructive to have options like
this hidden because the user can force them off by using an older compiler.

~Andrew