From: Russell King - ARM Linux admin <linux@armlinux.org.uk> To: Jian Cai <jiancai@google.com> Cc: "Mark Rutland" <mark.rutland@arm.com>, "Catalin Marinas" <catalin.marinas@arm.com>, "Linus Walleij" <linus.walleij@linaro.org>, "James Morris" <jmorris@namei.org>, manojgupta@google.com, "Will Deacon" <will@kernel.org>, "Ingo Molnar" <mingo@kernel.org>, "Marc Zyngier" <maz@kernel.org>, "Masahiro Yamada" <masahiroy@kernel.org>, "Ard Biesheuvel" <ardb@kernel.org>, clang-built-linux@googlegroups.com, llozano@google.com, "David Brazdil" <dbrazdil@google.com>, "Serge E. Hallyn" <serge@hallyn.com>, "Kees Cook" <keescook@chromium.org>, "Arnd Bergmann" <arnd@arndb.de>, "Nathan Chancellor" <nathan@kernel.org>, linux-arm-kernel@lists.infradead.org, ndesaulniers@google.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, "David Laight" <David.Laight@aculab.com>, "James Morse" <james.morse@arm.com>, "Andrew Morton" <akpm@linux-foundation.org>, "Andreas Färber" <afaerber@suse.de>, "Mike Rapoport" <rppt@kernel.org> Subject: Re: [PATCH v4] ARM: Implement SLS mitigation Date: Sun, 21 Feb 2021 10:13:17 +0000 [thread overview] Message-ID: <20210221101317.GN1463@shell.armlinux.org.uk> (raw) In-Reply-To: <20210219230841.875875-1-jiancai@google.com> On Fri, Feb 19, 2021 at 03:08:13PM -0800, Jian Cai wrote: > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > index 269967c4fc1b..146b75a79d9e 100644 > --- a/security/Kconfig.hardening > +++ b/security/Kconfig.hardening > @@ -121,6 +121,16 @@ choice > > endchoice > > +config HARDEN_SLS_ALL > + bool "enable SLS vulnerability hardening" > + default n Please get rid of this useless "default n" > + depends on $(cc-option,-mharden-sls=all) > + help > + Enables straight-line speculation vulnerability hardening on ARM and ARM64 > + architectures. It inserts speculation barrier sequences (SB or DSB+ISB > + depending on the target architecture) after RET and BR, and replacing > + BLR with BL+BR sequence. Given that this is in an architecture independent Kconfig file, and it detects support in CC for this feature, why should this help text be written to be specific to a couple of architectures? Will this feature only ever be available on these two architectures? What if someone adds support for another architecture? -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
WARNING: multiple messages have this Message-ID (diff)
From: Russell King - ARM Linux admin <linux@armlinux.org.uk> To: Jian Cai <jiancai@google.com> Cc: "Mark Rutland" <mark.rutland@arm.com>, "Catalin Marinas" <catalin.marinas@arm.com>, "Linus Walleij" <linus.walleij@linaro.org>, manojgupta@google.com, "Will Deacon" <will@kernel.org>, "Ard Biesheuvel" <ardb@kernel.org>, "Marc Zyngier" <maz@kernel.org>, "Masahiro Yamada" <masahiroy@kernel.org>, "James Morris" <jmorris@namei.org>, "Ingo Molnar" <mingo@kernel.org>, clang-built-linux@googlegroups.com, llozano@google.com, "David Brazdil" <dbrazdil@google.com>, "Serge E. Hallyn" <serge@hallyn.com>, "Kees Cook" <keescook@chromium.org>, "Arnd Bergmann" <arnd@arndb.de>, "Nathan Chancellor" <nathan@kernel.org>, linux-arm-kernel@lists.infradead.org, ndesaulniers@google.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, "David Laight" <David.Laight@aculab.com>, "James Morse" <james.morse@arm.com>, "Andrew Morton" <akpm@linux-foundation.org>, "Andreas Färber" <afaerber@suse.de>, "Mike Rapoport" <rppt@kernel.org> Subject: Re: [PATCH v4] ARM: Implement SLS mitigation Date: Sun, 21 Feb 2021 10:13:17 +0000 [thread overview] Message-ID: <20210221101317.GN1463@shell.armlinux.org.uk> (raw) In-Reply-To: <20210219230841.875875-1-jiancai@google.com> On Fri, Feb 19, 2021 at 03:08:13PM -0800, Jian Cai wrote: > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > index 269967c4fc1b..146b75a79d9e 100644 > --- a/security/Kconfig.hardening > +++ b/security/Kconfig.hardening > @@ -121,6 +121,16 @@ choice > > endchoice > > +config HARDEN_SLS_ALL > + bool "enable SLS vulnerability hardening" > + default n Please get rid of this useless "default n" > + depends on $(cc-option,-mharden-sls=all) > + help > + Enables straight-line speculation vulnerability hardening on ARM and ARM64 > + architectures. It inserts speculation barrier sequences (SB or DSB+ISB > + depending on the target architecture) after RET and BR, and replacing > + BLR with BL+BR sequence. Given that this is in an architecture independent Kconfig file, and it detects support in CC for this feature, why should this help text be written to be specific to a couple of architectures? Will this feature only ever be available on these two architectures? What if someone adds support for another architecture? -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last! _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-02-21 10:14 UTC|newest] Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-02-12 5:14 [PATCH] ARM: Implement Clang's SLS mitigation Jian Cai 2021-02-12 5:14 ` Jian Cai 2021-02-12 5:55 ` Nathan Chancellor 2021-02-12 5:55 ` Nathan Chancellor 2021-02-12 10:41 ` David Laight 2021-02-12 10:41 ` David Laight 2021-02-12 19:52 ` [PATCH v2] " Jian Cai 2021-02-12 19:52 ` Jian Cai 2021-02-17 9:49 ` Will Deacon 2021-02-17 9:49 ` Will Deacon 2021-02-17 11:05 ` David Laight 2021-02-17 11:05 ` David Laight 2021-03-25 14:01 ` Linus Walleij 2021-03-25 14:01 ` Linus Walleij 2021-02-17 18:20 ` Nick Desaulniers 2021-02-17 18:20 ` Nick Desaulniers 2021-02-19 20:18 ` [PATCH v3] ARM: Implement " Jian Cai 2021-02-19 20:18 ` Jian Cai 2021-02-19 20:30 ` Nathan Chancellor 2021-02-19 20:30 ` Nathan Chancellor 2021-02-19 23:08 ` [PATCH v4] " Jian Cai 2021-02-19 23:08 ` Jian Cai 2021-02-21 10:13 ` Russell King - ARM Linux admin [this message] 2021-02-21 10:13 ` Russell King - ARM Linux admin 2021-02-22 11:58 ` Will Deacon 2021-02-22 11:58 ` Will Deacon 2021-02-22 21:50 ` Jian Cai 2021-02-22 21:50 ` Jian Cai 2021-02-23 10:04 ` Will Deacon 2021-02-23 10:04 ` Will Deacon 2021-03-03 15:18 ` Linus Walleij 2021-03-03 15:18 ` Linus Walleij 2021-03-03 15:29 ` David Laight 2021-03-03 15:29 ` David Laight 2021-03-03 15:31 ` Linus Walleij 2021-03-03 15:31 ` Linus Walleij 2021-02-23 2:31 ` [PATCH v5] " Jian Cai 2021-02-23 2:31 ` Jian Cai 2021-02-23 2:35 ` Jian Cai 2021-02-23 2:35 ` Jian Cai 2021-03-03 15:04 ` Linus Walleij 2021-03-03 15:04 ` Linus Walleij 2021-03-04 23:22 ` Jian Cai 2021-03-04 23:22 ` Jian Cai 2021-03-06 12:25 ` Linus Walleij 2021-03-06 12:25 ` Linus Walleij 2021-03-10 4:43 ` Jian Cai 2021-03-10 4:43 ` Jian Cai 2021-03-22 11:45 ` Linus Walleij 2021-03-22 11:45 ` Linus Walleij 2021-03-23 22:39 ` Jian Cai 2021-03-23 22:39 ` Jian Cai 2021-03-05 0:53 ` [PATCH v6] " Jian Cai 2021-03-05 0:53 ` Jian Cai 2021-03-05 9:52 ` Will Deacon 2021-03-05 9:52 ` Will Deacon 2021-03-06 12:27 ` Linus Walleij 2021-03-06 12:27 ` Linus Walleij
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210221101317.GN1463@shell.armlinux.org.uk \ --to=linux@armlinux.org.uk \ --cc=David.Laight@aculab.com \ --cc=afaerber@suse.de \ --cc=akpm@linux-foundation.org \ --cc=ardb@kernel.org \ --cc=arnd@arndb.de \ --cc=catalin.marinas@arm.com \ --cc=clang-built-linux@googlegroups.com \ --cc=dbrazdil@google.com \ --cc=james.morse@arm.com \ --cc=jiancai@google.com \ --cc=jmorris@namei.org \ --cc=keescook@chromium.org \ --cc=linus.walleij@linaro.org \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=llozano@google.com \ --cc=manojgupta@google.com \ --cc=mark.rutland@arm.com \ --cc=masahiroy@kernel.org \ --cc=maz@kernel.org \ --cc=mingo@kernel.org \ --cc=nathan@kernel.org \ --cc=ndesaulniers@google.com \ --cc=rppt@kernel.org \ --cc=serge@hallyn.com \ --cc=will@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.