From: Linus Walleij <linus.walleij@linaro.org>
To: Will Deacon <will@kernel.org>
Cc: "Jian Cai" <jiancai@google.com>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Manoj Gupta" <manojgupta@google.com>,
"Luis Lozano" <llozano@google.com>,
clang-built-linux <clang-built-linux@googlegroups.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"David Laight" <David.Laight@aculab.com>,
"Russell King" <linux@armlinux.org.uk>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Masahiro Yamada" <masahiroy@kernel.org>,
"Kees Cook" <keescook@chromium.org>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Andreas Färber" <afaerber@suse.de>,
"Ingo Molnar" <mingo@kernel.org>, "Marc Zyngier" <maz@kernel.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Mike Rapoport" <rppt@kernel.org>,
"Mark Rutland" <mark.rutland@arm.com>,
"David Brazdil" <dbrazdil@google.com>,
"James Morse" <james.morse@arm.com>,
"Linux ARM" <linux-arm-kernel@lists.infradead.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v4] ARM: Implement SLS mitigation
Date: Wed, 3 Mar 2021 16:18:32 +0100 [thread overview]
Message-ID: <CACRpkdYaSEb8bAztR-s_K17K+Zqusiofwa_dSjz-cwM2+N=57A@mail.gmail.com> (raw)
In-Reply-To: <20210223100453.GB10254@willie-the-truck>
On Tue, Feb 23, 2021 at 11:05 AM Will Deacon <will@kernel.org> wrote:
> On Mon, Feb 22, 2021 at 01:50:06PM -0800, Jian Cai wrote:
> > I am not sure if there are any plans to protect assembly code and I
> > will leave it to the Arm folks since they know a whole lot better. But
> > even without that part, we should still have better protection,
> > especially when overhead does not look too bad: I did some preliminary
> > experiments on ChromeOS, code size of vmlinux increased 3%, and there
> > were no noticeable changes to run-time performance of the benchmarks I
> > used.
>
> If the mitigation is required, I'm not sure I see a lot of point in only
> doing a half-baked job of it. It feels a bit like a box-ticking exercise,
> in which case any overhead is too much.
I wrote some suggestions on follow-ups in my reply, and I can
help out doing some of the patches, I think.
Since ARM32 RET is mov pc, <>
git grep 'mov.*pc,' | wc -l gives 93 sites in arch/arm.
I suppose these need to come out:
mov pc, lr
dsb(nsh);
isb();
As ARM32 doesn't have sb my idea is to make a macro
"sb" that resolves to dsb/isb when this is enabled and then
we could start patching all the assembly users with that as
well. I need the Kconfig symbol from this patch though.
I also suggest selecting this mitigation as part of
HARDEN_BRANCH_PREDICTOR, by the token that either
you want all of them or none of them.
Yours,
Linus Walleij
WARNING: multiple messages have this Message-ID (diff)
From: Linus Walleij <linus.walleij@linaro.org>
To: Will Deacon <will@kernel.org>
Cc: "Jian Cai" <jiancai@google.com>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Manoj Gupta" <manojgupta@google.com>,
"Luis Lozano" <llozano@google.com>,
clang-built-linux <clang-built-linux@googlegroups.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"David Laight" <David.Laight@aculab.com>,
"Russell King" <linux@armlinux.org.uk>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Masahiro Yamada" <masahiroy@kernel.org>,
"Kees Cook" <keescook@chromium.org>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Andreas Färber" <afaerber@suse.de>,
"Ingo Molnar" <mingo@kernel.org>, "Marc Zyngier" <maz@kernel.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Mike Rapoport" <rppt@kernel.org>,
"Mark Rutland" <mark.rutland@arm.com>,
"David Brazdil" <dbrazdil@google.com>,
"James Morse" <james.morse@arm.com>,
"Linux ARM" <linux-arm-kernel@lists.infradead.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v4] ARM: Implement SLS mitigation
Date: Wed, 3 Mar 2021 16:18:32 +0100 [thread overview]
Message-ID: <CACRpkdYaSEb8bAztR-s_K17K+Zqusiofwa_dSjz-cwM2+N=57A@mail.gmail.com> (raw)
In-Reply-To: <20210223100453.GB10254@willie-the-truck>
On Tue, Feb 23, 2021 at 11:05 AM Will Deacon <will@kernel.org> wrote:
> On Mon, Feb 22, 2021 at 01:50:06PM -0800, Jian Cai wrote:
> > I am not sure if there are any plans to protect assembly code and I
> > will leave it to the Arm folks since they know a whole lot better. But
> > even without that part, we should still have better protection,
> > especially when overhead does not look too bad: I did some preliminary
> > experiments on ChromeOS, code size of vmlinux increased 3%, and there
> > were no noticeable changes to run-time performance of the benchmarks I
> > used.
>
> If the mitigation is required, I'm not sure I see a lot of point in only
> doing a half-baked job of it. It feels a bit like a box-ticking exercise,
> in which case any overhead is too much.
I wrote some suggestions on follow-ups in my reply, and I can
help out doing some of the patches, I think.
Since ARM32 RET is mov pc, <>
git grep 'mov.*pc,' | wc -l gives 93 sites in arch/arm.
I suppose these need to come out:
mov pc, lr
dsb(nsh);
isb();
As ARM32 doesn't have sb my idea is to make a macro
"sb" that resolves to dsb/isb when this is enabled and then
we could start patching all the assembly users with that as
well. I need the Kconfig symbol from this patch though.
I also suggest selecting this mitigation as part of
HARDEN_BRANCH_PREDICTOR, by the token that either
you want all of them or none of them.
Yours,
Linus Walleij
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-03-03 18:42 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-12 5:14 [PATCH] ARM: Implement Clang's SLS mitigation Jian Cai
2021-02-12 5:14 ` Jian Cai
2021-02-12 5:55 ` Nathan Chancellor
2021-02-12 5:55 ` Nathan Chancellor
2021-02-12 10:41 ` David Laight
2021-02-12 10:41 ` David Laight
2021-02-12 19:52 ` [PATCH v2] " Jian Cai
2021-02-12 19:52 ` Jian Cai
2021-02-17 9:49 ` Will Deacon
2021-02-17 9:49 ` Will Deacon
2021-02-17 11:05 ` David Laight
2021-02-17 11:05 ` David Laight
2021-03-25 14:01 ` Linus Walleij
2021-03-25 14:01 ` Linus Walleij
2021-02-17 18:20 ` Nick Desaulniers
2021-02-17 18:20 ` Nick Desaulniers
2021-02-19 20:18 ` [PATCH v3] ARM: Implement " Jian Cai
2021-02-19 20:18 ` Jian Cai
2021-02-19 20:30 ` Nathan Chancellor
2021-02-19 20:30 ` Nathan Chancellor
2021-02-19 23:08 ` [PATCH v4] " Jian Cai
2021-02-19 23:08 ` Jian Cai
2021-02-21 10:13 ` Russell King - ARM Linux admin
2021-02-21 10:13 ` Russell King - ARM Linux admin
2021-02-22 11:58 ` Will Deacon
2021-02-22 11:58 ` Will Deacon
2021-02-22 21:50 ` Jian Cai
2021-02-22 21:50 ` Jian Cai
2021-02-23 10:04 ` Will Deacon
2021-02-23 10:04 ` Will Deacon
2021-03-03 15:18 ` Linus Walleij [this message]
2021-03-03 15:18 ` Linus Walleij
2021-03-03 15:29 ` David Laight
2021-03-03 15:29 ` David Laight
2021-03-03 15:31 ` Linus Walleij
2021-03-03 15:31 ` Linus Walleij
2021-02-23 2:31 ` [PATCH v5] " Jian Cai
2021-02-23 2:31 ` Jian Cai
2021-02-23 2:35 ` Jian Cai
2021-02-23 2:35 ` Jian Cai
2021-03-03 15:04 ` Linus Walleij
2021-03-03 15:04 ` Linus Walleij
2021-03-04 23:22 ` Jian Cai
2021-03-04 23:22 ` Jian Cai
2021-03-06 12:25 ` Linus Walleij
2021-03-06 12:25 ` Linus Walleij
2021-03-10 4:43 ` Jian Cai
2021-03-10 4:43 ` Jian Cai
2021-03-22 11:45 ` Linus Walleij
2021-03-22 11:45 ` Linus Walleij
2021-03-23 22:39 ` Jian Cai
2021-03-23 22:39 ` Jian Cai
2021-03-05 0:53 ` [PATCH v6] " Jian Cai
2021-03-05 0:53 ` Jian Cai
2021-03-05 9:52 ` Will Deacon
2021-03-05 9:52 ` Will Deacon
2021-03-06 12:27 ` Linus Walleij
2021-03-06 12:27 ` Linus Walleij
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACRpkdYaSEb8bAztR-s_K17K+Zqusiofwa_dSjz-cwM2+N=57A@mail.gmail.com' \
--to=linus.walleij@linaro.org \
--cc=David.Laight@aculab.com \
--cc=afaerber@suse.de \
--cc=akpm@linux-foundation.org \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=catalin.marinas@arm.com \
--cc=clang-built-linux@googlegroups.com \
--cc=dbrazdil@google.com \
--cc=james.morse@arm.com \
--cc=jiancai@google.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=llozano@google.com \
--cc=manojgupta@google.com \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=maz@kernel.org \
--cc=mingo@kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=rppt@kernel.org \
--cc=serge@hallyn.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.