From: Nathan Chancellor <nathan@kernel.org>
To: Jian Cai <jiancai@google.com>
Cc: linux-kernel@vger.kernel.org, "Kees Cook" <keescook@chromium.org>,
"Arnd Bergmann" <arnd@arndb.de>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Masahiro Yamada" <masahiroy@kernel.org>,
"Daniel Palmer" <daniel@0x0f.com>,
ndesaulniers@google.com, "Russell King" <linux@armlinux.org.uk>,
clang-built-linux@googlegroups.com,
linux-security-module@vger.kernel.org, manojgupta@google.com,
"Andreas Färber" <afaerber@suse.de>,
llozano@google.com, "James Morris" <jmorris@namei.org>,
"Will Deacon" <will@kernel.org>,
"Ard Biesheuvel" <ardb@kernel.org>,
linux-arm-kernel@lists.infradead.org,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH] ARM: Implement Clang's SLS mitigation
Date: Thu, 11 Feb 2021 22:55:08 -0700 [thread overview]
Message-ID: <20210212055508.GA3822196@ubuntu-m3-large-x86> (raw)
In-Reply-To: <20210212051500.943179-1-jiancai@google.com>
Hi Jian,
On Thu, Feb 11, 2021 at 09:14:58PM -0800, Jian Cai wrote:
> This patch adds a config CONFIG_HARDEN_SLS_ALL that can be used to turn
Drop "a config".
> on -mharden-sls=all, which mitigates the straight-line speculation
> vulnerability, or more commonly known as Spectre, Meldown.
^ I would drop "or" here
^ drop comma,
use "and",
typo: "Meltdown"
Although, is that a fair statement? SLS is not called Spectre or
Meltdown by ARM, it is a speculative processor vulnerabilty. It
might just be better to drop eerything after the first comma (although
maybe that is just being pedantic).
>
> Notice -mharden-sls= has other options as below, and this config turns
> on the strongest option.
>
> all: enable all mitigations against Straight Line Speculation that are implemented.
> none: disable all mitigations against Straight Line Speculation.
> retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions.
> blr: enable the mitigation against Straight Line Speculation for BLR instructions.
I cannot comment on whether or not this is worth doing, I will leave
that up to Will, Catalin, et al. The following comments are more from a
"regular kernel developer" perspective, rather than an "arm64 kernel
developer" :)
> Link: https://reviews.llvm.org/D93221
> Link: https://reviews.llvm.org/D81404
> Link: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation
This is also a useful article it seems:
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions#SLS2
> Link: https://crbug.com/1171521
This crbug is private. If it is going into a commit message, please
publicize it.
> Suggested-by: Manoj Gupta <manojgupta@google.com>
> Signed-off-by: Jian Cai <jiancai@google.com>
> ---
> arch/arm/Makefile | 4 ++++
> arch/arm64/Makefile | 5 +++++
> security/Kconfig.hardening | 11 +++++++++++
> 3 files changed, 20 insertions(+)
>
> diff --git a/arch/arm/Makefile b/arch/arm/Makefile
> index 4aaec9599e8a..11d89ef32da9 100644
> --- a/arch/arm/Makefile
> +++ b/arch/arm/Makefile
> @@ -48,6 +48,10 @@ CHECKFLAGS += -D__ARMEL__
> KBUILD_LDFLAGS += -EL
> endif
>
> +ifeq ($(CONFIG_HARDEN_SLS_ALL), y)
> +KBUILD_CFLAGS += -mharden-sls=all
> +endif
> +
> #
> # The Scalar Replacement of Aggregates (SRA) optimization pass in GCC 4.9 and
> # later may result in code being generated that handles signed short and signed
> diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
> index 90309208bb28..8fd0ccd87eca 100644
> --- a/arch/arm64/Makefile
> +++ b/arch/arm64/Makefile
> @@ -34,6 +34,11 @@ $(warning LSE atomics not supported by binutils)
> endif
> endif
>
> +ifeq ($(CONFIG_HARDEN_SLS_ALL), y)
> +KBUILD_CFLAGS += -mharden-sls=all
> +endif
> +
> +
Extra space here
> cc_has_k_constraint := $(call try-run,echo \
> 'int main(void) { \
> asm volatile("and w0, w0, %w0" :: "K" (4294967295)); \
> diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
> index 269967c4fc1b..d83c406c81a3 100644
> --- a/security/Kconfig.hardening
> +++ b/security/Kconfig.hardening
> @@ -121,6 +121,17 @@ choice
>
> endchoice
>
> +
> +config CC_HAS_HARDEN_SLS_ALL
> + def_bool $(cc-option,-mharden-sls=all)
I do not think that CONFIG_CC_HAS_HARDEN_SLS_ALL serves much purpose.
Moving the cc-option into CONFIG_HARDEN_SLS_ALL is just as clean.
config HARDEN_SLS_ALL
bool "enable SLS vulnerability hardening"
depends on $(cc-option,-mharden-sls=all)
help
Enables straight-line speculation vulnerability hardening
at highest level.
> +
> + config HARDEN_SLS_ALL
> + bool "enable SLS vulnerability hardening"
The spacing here seems messed up, I corrected it above.
> + depends on CC_HAS_HARDEN_SLS_ALL
> + help
> + Enables straight-line speculation vulnerability hardening
> + at highest level.
> +
> config GCC_PLUGIN_STRUCTLEAK_VERBOSE
> bool "Report forcefully initialized variables"
> depends on GCC_PLUGIN_STRUCTLEAK
> --
> 2.30.0.478.g8a0d178c01-goog
>
>
Cheers,
Nathan
WARNING: multiple messages have this Message-ID (diff)
From: Nathan Chancellor <nathan@kernel.org>
To: Jian Cai <jiancai@google.com>
Cc: "Kees Cook" <keescook@chromium.org>,
"Arnd Bergmann" <arnd@arndb.de>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Masahiro Yamada" <masahiroy@kernel.org>,
"Daniel Palmer" <daniel@0x0f.com>,
ndesaulniers@google.com, linux-kernel@vger.kernel.org,
"Russell King" <linux@armlinux.org.uk>,
clang-built-linux@googlegroups.com,
linux-security-module@vger.kernel.org, manojgupta@google.com,
llozano@google.com, "James Morris" <jmorris@namei.org>,
"Will Deacon" <will@kernel.org>,
"Andreas Färber" <afaerber@suse.de>,
linux-arm-kernel@lists.infradead.org,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH] ARM: Implement Clang's SLS mitigation
Date: Thu, 11 Feb 2021 22:55:08 -0700 [thread overview]
Message-ID: <20210212055508.GA3822196@ubuntu-m3-large-x86> (raw)
In-Reply-To: <20210212051500.943179-1-jiancai@google.com>
Hi Jian,
On Thu, Feb 11, 2021 at 09:14:58PM -0800, Jian Cai wrote:
> This patch adds a config CONFIG_HARDEN_SLS_ALL that can be used to turn
Drop "a config".
> on -mharden-sls=all, which mitigates the straight-line speculation
> vulnerability, or more commonly known as Spectre, Meldown.
^ I would drop "or" here
^ drop comma,
use "and",
typo: "Meltdown"
Although, is that a fair statement? SLS is not called Spectre or
Meltdown by ARM, it is a speculative processor vulnerabilty. It
might just be better to drop eerything after the first comma (although
maybe that is just being pedantic).
>
> Notice -mharden-sls= has other options as below, and this config turns
> on the strongest option.
>
> all: enable all mitigations against Straight Line Speculation that are implemented.
> none: disable all mitigations against Straight Line Speculation.
> retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions.
> blr: enable the mitigation against Straight Line Speculation for BLR instructions.
I cannot comment on whether or not this is worth doing, I will leave
that up to Will, Catalin, et al. The following comments are more from a
"regular kernel developer" perspective, rather than an "arm64 kernel
developer" :)
> Link: https://reviews.llvm.org/D93221
> Link: https://reviews.llvm.org/D81404
> Link: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation
This is also a useful article it seems:
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions#SLS2
> Link: https://crbug.com/1171521
This crbug is private. If it is going into a commit message, please
publicize it.
> Suggested-by: Manoj Gupta <manojgupta@google.com>
> Signed-off-by: Jian Cai <jiancai@google.com>
> ---
> arch/arm/Makefile | 4 ++++
> arch/arm64/Makefile | 5 +++++
> security/Kconfig.hardening | 11 +++++++++++
> 3 files changed, 20 insertions(+)
>
> diff --git a/arch/arm/Makefile b/arch/arm/Makefile
> index 4aaec9599e8a..11d89ef32da9 100644
> --- a/arch/arm/Makefile
> +++ b/arch/arm/Makefile
> @@ -48,6 +48,10 @@ CHECKFLAGS += -D__ARMEL__
> KBUILD_LDFLAGS += -EL
> endif
>
> +ifeq ($(CONFIG_HARDEN_SLS_ALL), y)
> +KBUILD_CFLAGS += -mharden-sls=all
> +endif
> +
> #
> # The Scalar Replacement of Aggregates (SRA) optimization pass in GCC 4.9 and
> # later may result in code being generated that handles signed short and signed
> diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
> index 90309208bb28..8fd0ccd87eca 100644
> --- a/arch/arm64/Makefile
> +++ b/arch/arm64/Makefile
> @@ -34,6 +34,11 @@ $(warning LSE atomics not supported by binutils)
> endif
> endif
>
> +ifeq ($(CONFIG_HARDEN_SLS_ALL), y)
> +KBUILD_CFLAGS += -mharden-sls=all
> +endif
> +
> +
Extra space here
> cc_has_k_constraint := $(call try-run,echo \
> 'int main(void) { \
> asm volatile("and w0, w0, %w0" :: "K" (4294967295)); \
> diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
> index 269967c4fc1b..d83c406c81a3 100644
> --- a/security/Kconfig.hardening
> +++ b/security/Kconfig.hardening
> @@ -121,6 +121,17 @@ choice
>
> endchoice
>
> +
> +config CC_HAS_HARDEN_SLS_ALL
> + def_bool $(cc-option,-mharden-sls=all)
I do not think that CONFIG_CC_HAS_HARDEN_SLS_ALL serves much purpose.
Moving the cc-option into CONFIG_HARDEN_SLS_ALL is just as clean.
config HARDEN_SLS_ALL
bool "enable SLS vulnerability hardening"
depends on $(cc-option,-mharden-sls=all)
help
Enables straight-line speculation vulnerability hardening
at highest level.
> +
> + config HARDEN_SLS_ALL
> + bool "enable SLS vulnerability hardening"
The spacing here seems messed up, I corrected it above.
> + depends on CC_HAS_HARDEN_SLS_ALL
> + help
> + Enables straight-line speculation vulnerability hardening
> + at highest level.
> +
> config GCC_PLUGIN_STRUCTLEAK_VERBOSE
> bool "Report forcefully initialized variables"
> depends on GCC_PLUGIN_STRUCTLEAK
> --
> 2.30.0.478.g8a0d178c01-goog
>
>
Cheers,
Nathan
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-02-12 5:56 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-12 5:14 [PATCH] ARM: Implement Clang's SLS mitigation Jian Cai
2021-02-12 5:14 ` Jian Cai
2021-02-12 5:55 ` Nathan Chancellor [this message]
2021-02-12 5:55 ` Nathan Chancellor
2021-02-12 10:41 ` David Laight
2021-02-12 10:41 ` David Laight
2021-02-12 19:52 ` [PATCH v2] " Jian Cai
2021-02-12 19:52 ` Jian Cai
2021-02-17 9:49 ` Will Deacon
2021-02-17 9:49 ` Will Deacon
2021-02-17 11:05 ` David Laight
2021-02-17 11:05 ` David Laight
2021-03-25 14:01 ` Linus Walleij
2021-03-25 14:01 ` Linus Walleij
2021-02-17 18:20 ` Nick Desaulniers
2021-02-17 18:20 ` Nick Desaulniers
2021-02-19 20:18 ` [PATCH v3] ARM: Implement " Jian Cai
2021-02-19 20:18 ` Jian Cai
2021-02-19 20:30 ` Nathan Chancellor
2021-02-19 20:30 ` Nathan Chancellor
2021-02-19 23:08 ` [PATCH v4] " Jian Cai
2021-02-19 23:08 ` Jian Cai
2021-02-21 10:13 ` Russell King - ARM Linux admin
2021-02-21 10:13 ` Russell King - ARM Linux admin
2021-02-22 11:58 ` Will Deacon
2021-02-22 11:58 ` Will Deacon
2021-02-22 21:50 ` Jian Cai
2021-02-22 21:50 ` Jian Cai
2021-02-23 10:04 ` Will Deacon
2021-02-23 10:04 ` Will Deacon
2021-03-03 15:18 ` Linus Walleij
2021-03-03 15:18 ` Linus Walleij
2021-03-03 15:29 ` David Laight
2021-03-03 15:29 ` David Laight
2021-03-03 15:31 ` Linus Walleij
2021-03-03 15:31 ` Linus Walleij
2021-02-23 2:31 ` [PATCH v5] " Jian Cai
2021-02-23 2:31 ` Jian Cai
2021-02-23 2:35 ` Jian Cai
2021-02-23 2:35 ` Jian Cai
2021-03-03 15:04 ` Linus Walleij
2021-03-03 15:04 ` Linus Walleij
2021-03-04 23:22 ` Jian Cai
2021-03-04 23:22 ` Jian Cai
2021-03-06 12:25 ` Linus Walleij
2021-03-06 12:25 ` Linus Walleij
2021-03-10 4:43 ` Jian Cai
2021-03-10 4:43 ` Jian Cai
2021-03-22 11:45 ` Linus Walleij
2021-03-22 11:45 ` Linus Walleij
2021-03-23 22:39 ` Jian Cai
2021-03-23 22:39 ` Jian Cai
2021-03-05 0:53 ` [PATCH v6] " Jian Cai
2021-03-05 0:53 ` Jian Cai
2021-03-05 9:52 ` Will Deacon
2021-03-05 9:52 ` Will Deacon
2021-03-06 12:27 ` Linus Walleij
2021-03-06 12:27 ` Linus Walleij
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210212055508.GA3822196@ubuntu-m3-large-x86 \
--to=nathan@kernel.org \
--cc=afaerber@suse.de \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=catalin.marinas@arm.com \
--cc=clang-built-linux@googlegroups.com \
--cc=daniel@0x0f.com \
--cc=jiancai@google.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=llozano@google.com \
--cc=manojgupta@google.com \
--cc=masahiroy@kernel.org \
--cc=ndesaulniers@google.com \
--cc=serge@hallyn.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.