Message ID | 20220309113441.22746-1-jgross@suse.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | xen/x86: drop dependency of XEN_SHSTK on EXPERT | expand |
On 09.03.2022 12:34, Juergen Gross wrote: > XEN_SHSTK should be on per default now that it is supported officially. > Only let the prompt depend on EXPERT. > > Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> > --- a/xen/arch/x86/Kconfig > +++ b/xen/arch/x86/Kconfig > @@ -117,8 +117,8 @@ config HVM > If unsure, say Y. > > config XEN_SHSTK > - bool "Supervisor Shadow Stacks (EXPERT)" > - depends on HAS_AS_CET_SS && EXPERT > + bool "Supervisor Shadow Stacks" if EXPERT > + depends on HAS_AS_CET_SS While I think it's better this way, if others thought the dependency should be dropped altogether, I wouldn't mind. Jan
On 09/03/2022 11:34, Juergen Gross wrote: > XEN_SHSTK should be on per default now that it is supported officially. > Only let the prompt depend on EXPERT. > > Signed-off-by: Juergen Gross <jgross@suse.com> > --- > xen/arch/x86/Kconfig | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig > index 83d0f317ec..c166db3499 100644 > --- a/xen/arch/x86/Kconfig > +++ b/xen/arch/x86/Kconfig > @@ -117,8 +117,8 @@ config HVM > If unsure, say Y. > > config XEN_SHSTK > - bool "Supervisor Shadow Stacks (EXPERT)" > - depends on HAS_AS_CET_SS && EXPERT > + bool "Supervisor Shadow Stacks" if EXPERT It has previously been stated that anything hidden behind expert is not supported. shstk is sure as hell supported when compiled off, because that's been the status quo so far. It's also wrong for shstk to be handled differently to IBT. Most importantly however, it is simply obstructive to have options like this hidden because the user can force them off by using an older compiler. ~Andrew
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 83d0f317ec..c166db3499 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -117,8 +117,8 @@ config HVM If unsure, say Y. config XEN_SHSTK - bool "Supervisor Shadow Stacks (EXPERT)" - depends on HAS_AS_CET_SS && EXPERT + bool "Supervisor Shadow Stacks" if EXPERT + depends on HAS_AS_CET_SS default y ---help--- Control-flow Enforcement Technology (CET) is a set of features in
XEN_SHSTK should be on per default now that it is supported officially. Only let the prompt depend on EXPERT. Signed-off-by: Juergen Gross <jgross@suse.com> --- xen/arch/x86/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)