diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 61d49453406..38e1c272d57 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -225,6 +225,56 @@ config X86_NO_SPECULATIVE_VULNERABILITIES or is a newer chip which is immune to the class of vulnerabilities which exploit speculative execution side channel attacks. +config DISABLE_SSBD + bool "Disable Speculative Store Bypass" + depends on USERSPACE + default y if !X86_NO_SPECTRE_V4 + help + This option will disable Speculative Store Bypass in order to + mitigate against certain kinds of side channel attacks. Quoting + the "Speculative Execution Side Channels" document, version 2.0: + + When SSBD is set, loads will not execute speculatively + until the addresses of all older stores are known. This + ensure s that a load does not speculatively consume stale + data values due to bypassing an older store on the same + logical processor. + + If enabled, this applies to all threads in the system. + + Even if enabled, will have no effect on CPUs that do not + require this feature. + +config ENABLE_EXTENDED_IBRS + bool "Enable Extended IBRS" + depends on USERSPACE + default y if !X86_NO_SPECTRE_V2 + help + This option will enable the Extended Indirect Branch Restricted + Speculation 'always on' feature. This mitigates Indirect Branch + Control vulnerabilities (aka Spectre V2). + +config X86_BOUNDS_CHECK_BYPASS_MITIGATION + bool + depends on USERSPACE + default y if !X86_NO_SPECTRE_V1 + select BOUNDS_CHECK_BYPASS_MITIGATION + help + Hidden config to select arch-independent option to enable + Spectre V1 mitigations by default if the CPU is not known + to be immune to it. + +config X86_KPTI + bool "Enable kernel page table isolation" + default y + depends on USERSPACE + depends on !X86_NO_MELTDOWN + help + Implements kernel page table isolation to mitigate Meltdown exploits + to read Kernel RAM. Incurs a significant performance cost for + user thread interrupts and system calls, and significant footprint + increase for additional page tables and trampoline stacks. + source "arch/x86/core/Kconfig.ia32" source "arch/x86/core/Kconfig.intel64" 
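Review bot: `config X86_KPTI` keeps `default y` but now sits in the arch-common Kconfig, so it turns on for any x86 sub-architecture that offers USERSPACE and does not set X86_NO_MELTDOWN, not only ia32. Nothing in this diff shows that the page-table isolation code (separate page tables, trampoline stacks) exists outside ia32. If it does not, a 64-bit build would carry `CONFIG_X86_KPTI=y` with no Meltdown isolation behind it, which is worse than the option being absent. Until the 64-bit side is implemented, either leave this entry in Kconfig.ia32 or add a guard such as `depends on <ia32-only symbol>`, and state the limitation in the help text. The same question applies to `DISABLE_SSBD` and `ENABLE_EXTENDED_IBRS`, whose implementation file is only renamed here and not shown.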
diff --git a/arch/x86/core/CMakeLists.txt b/arch/x86/core/CMakeLists.txt index a9c0202415e..c32454c54ff 100644 --- a/arch/x86/core/CMakeLists.txt +++ b/arch/x86/core/CMakeLists.txt @@ -11,6 +11,7 @@ zephyr_library_sources(cpuhalt.c) zephyr_library_sources(memmap.c) zephyr_library_sources(prep_c.c) zephyr_library_sources(fatal.c) +zephyr_library_sources(spec_ctrl.c) zephyr_library_sources_if_kconfig(pcie.c) zephyr_library_sources_if_kconfig(reboot_rst_cnt.c) diff --git a/arch/x86/core/Kconfig.ia32 b/arch/x86/core/Kconfig.ia32 index 7503750051d..ecd6ce45301 100644 --- a/arch/x86/core/Kconfig.ia32 +++ b/arch/x86/core/Kconfig.ia32 @@ -41,34 +41,7 @@ config GDT_DYNAMIC endmenu -config DISABLE_SSBD - bool "Disable Speculative Store Bypass" - depends on USERSPACE - default y if !X86_NO_SPECTRE_V4 - help - This option will disable Speculative Store Bypass in order to - mitigate against certain kinds of side channel attacks. Quoting - the "Speculative Execution Side Channels" document, version 2.0: - - When SSBD is set, loads will not execute speculatively - until the addresses of all older stores are known. This - ensure s that a load does not speculatively consume stale - data values due to bypassing an older store on the same - logical processor. - - If enabled, this applies to all threads in the system. - - Even if enabled, will have no effect on CPUs that do not - require this feature. - -config ENABLE_EXTENDED_IBRS - bool "Enable Extended IBRS" - depends on USERSPACE - default y if !X86_NO_SPECTRE_V2 - help - This option will enable the Extended Indirect Branch Restricted - Speculation 'always on' feature. This mitigates Indirect Branch - Control vulnerabilities (aka Spectre V2). +menu "Processor Capabilities" config X86_RETPOLINE bool "Build with retpolines enabled in x86 assembly code" 
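Review bot: In arch/x86/core/CMakeLists.txt, `zephyr_library_sources(spec_ctrl.c)` now builds the speculation-control setup for every x86 target, but the file is a 100% rename, so its contents are not visible for review. IA32_SPEC_CTRL is a per-logical-processor MSR, and the DISABLE_SSBD help text promises that the setting "applies to all threads in the system". If the code programs the MSR from a single boot-time hook, any additional CPUs brought up by the 64-bit port would presumably run without SSBD or IBRS set; please confirm it runs on each CPU's bring-up path. I would also record the requirement next to the source entry, for example `# spec_ctrl.c: SPEC_CTRL setup must run on every logical CPU, not only the boot CPU`.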
@@ -80,18 +53,6 @@ config X86_RETPOLINE [1] https://support.google.com/faqs/answer/7625886 -config X86_BOUNDS_CHECK_BYPASS_MITIGATION - bool - depends on USERSPACE - default y if !X86_NO_SPECTRE_V1 - select BOUNDS_CHECK_BYPASS_MITIGATION - help - Hidden config to select arch-independent option to enable - Spectre V1 mitigations by default if the CPU is not known - to be immune to it. - -menu "Processor Capabilities" - config X86_ENABLE_TSS bool help @@ -124,17 +85,6 @@ config X86_USERSPACE supporting user-level threads that are protected from each other and from crashing the kernel. -config X86_KPTI - bool "Enable kernel page table isolation" - default y - depends on USERSPACE - depends on !X86_NO_MELTDOWN - help - Implements kernel page table isolation to mitigate Meltdown exploits - to read Kernel RAM. Incurs a significant performance cost for - user thread interrupts and system calls, and significant footprint - increase for additional page tables and trampoline stacks. - menu "Architecture Floating Point Options" depends on CPU_HAS_FPU diff --git a/arch/x86/core/ia32.cmake b/arch/x86/core/ia32.cmake index 94d9ca5673c..128e5d40071 100644 --- a/arch/x86/core/ia32.cmake +++ b/arch/x86/core/ia32.cmake @@ -17,7 +17,6 @@ zephyr_library_sources( ia32/irq_manage.c ia32/swap.S ia32/thread.c - ia32/spec_ctrl.c ) zephyr_library_sources_ifdef(CONFIG_IRQ_OFFLOAD ia32/irq_offload.c) diff --git a/arch/x86/core/ia32/spec_ctrl.c b/arch/x86/core/spec_ctrl.c similarity index 100% rename from arch/x86/core/ia32/spec_ctrl.c rename to arch/x86/core/spec_ctrl.c