kernel: move CONFIG_RETPOLINE definition

Retpolines were never completely implemented, even on x86.
Move this particular Kconfig to only concern itself with
the assembly code, and don't default it on ever since we
prefer SSBD instead.

We can restore the common kernel-wide CONFIG_RETPOLINE once
we have an end-to-end implementation.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

arch/x86/core/Kconfig

@@ -82,3 +82,13 @@ config DISABLE_SSBD
 
 	  Even if enabled, will have no effect on CPUs that do not
 	  require this feature.
+
+config X86_RETPOLINE
+	bool "Build with retpolines enabled in x86 assembly code"
+	depends on USERSPACE
+	help
+	  This is recommended on platforms with speculative executions, to
+	  protect against branch target injection (AKA Spectre-V2).  Full
+	  description of how retpolines work can be found here[1].
+
+	  [1] https://support.google.com/faqs/answer/7625886

include/arch/x86/asm.h

@@ -27,7 +27,7 @@
 
 #if defined(_ASMLANGUAGE)
 
-#if defined(CONFIG_RETPOLINE)
+#if defined(CONFIG_X86_RETPOLINE)
 /*
  * For a description of how retpolines are constructed for both indirect
  * jumps and indirect calls, please refer to this documentation:
@@ -72,7 +72,7 @@
 #define INDIRECT_CALL(reg)	call *reg
 #define INDIRECT_JMP(reg)	jmp *reg
 
-#endif /* CONFIG_RETPOLINE */
+#endif /* CONFIG_X86_RETPOLINE */
 
 #ifdef CONFIG_X86_KPTI
 GTEXT(z_x86_trampoline_to_user)

kernel/Kconfig

@@ -603,18 +603,6 @@ endmenu
 
 menu "Security Options"
 
-config RETPOLINE
-	bool "Build with retpolines enabled"
-	default y if !X86_NO_SPECTRE_V2
-	# Currently only implemented for x86
-	depends on X86
-	help
-	  This is recommended on platforms with speculative executions, to protect
-	  against branch target injection (AKA Spectre-V2).  Full description of
-	  how retpolines work can be found here[1].
-
-	  [1] https://support.google.com/faqs/answer/7625886
-
 config STACK_CANARIES
 	bool "Compiler stack canaries"
 	help