string
option env="XEN_HAS_CHECKPOLICY"
+menu "Speculative hardening"
+
+config SPECULATIVE_HARDEN_ARRAY
+ bool "Speculative Array Hardening"
+ default y
+ ---help---
+ Contemporary processors may use speculative execution as a
+ performance optimisation, but this can potentially be abused by an
+ attacker to leak data via speculative sidechannels.
+
+ One source of data leakage is via speculative out-of-bounds array
+ accesses.
+
+ When enabled, specific array accesses which have been deemed liable
+ to be speculatively abused will be hardened to avoid out-of-bounds
+ accesses.
+
+ This is a best-effort mitigation. There are no guarantees that all
+ areas of code open to abuse have been hardened.
+
+ If unsure, say Y.
+
+endmenu
+
config KEXEC
bool "kexec support"
default y
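Review bot: The help text for SPECULATIVE_HARDEN_ARRAY describes what is hardened when the option is on, but not what a build loses when it is off. The same patch makes `array_index_nospec()` collapse to the bare index in that case, so the text should say so, for example by adding `When disabled, array_index_nospec() returns the index unmodified and no array access is hardened against speculative out-of-bounds reads.` before the best-effort paragraph. With `default y` the safe choice stays in place, and the cost of saying N becomes explicit to anyone auditing a .config.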
}
#endif
+#ifdef CONFIG_SPECULATIVE_HARDEN_ARRAY
/*
* array_index_nospec - sanitize an array index after a bounds check
*
\
(typeof(_i)) (_i & _mask); \
})
+#else
+/* No index hardening. */
+#define array_index_nospec(index, size) ((void)(size), (index))
+#endif /* CONFIG_SPECULATIVE_HARDEN_ARRAY */
/*
* array_access_nospec - allow nospec access for static size arrays
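Review bot: The `#else` branch is documented only as `/* No index hardening. */`, which does not tell a reader that callers are left with only their architectural bounds check once the option is off. I would expand the comment to something like `/* Hardening compiled out: the index is returned unmodified (size is still evaluated once), so callers are protected only by their own architectural bounds check. */`. array_access_nospec, whose comment begins at the end of this hunk, presumably builds on this macro and would lose its hardening too; if so, that is worth stating in its comment. The hardened macro body lies outside the visible lines, so any compile-time checks it performs on `index` and `size` could not be compared with the fallback.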