From: Linus Walleij <linus.walleij@linaro.org> To: Jian Cai <jiancai@google.com> Cc: "Nick Desaulniers" <ndesaulniers@google.com>, "Manoj Gupta" <manojgupta@google.com>, "Luis Lozano" <llozano@google.com>, clang-built-linux <clang-built-linux@googlegroups.com>, "Nathan Chancellor" <nathan@kernel.org>, "David Laight" <David.Laight@aculab.com>, "Will Deacon" <will@kernel.org>, "Russell King" <rmk+kernel@armlinux.org.uk>, "Russell King" <linux@armlinux.org.uk>, "Catalin Marinas" <catalin.marinas@arm.com>, "James Morris" <jmorris@namei.org>, "Serge E. Hallyn" <serge@hallyn.com>, "Arnd Bergmann" <arnd@arndb.de>, "Masahiro Yamada" <masahiroy@kernel.org>, "Krzysztof Kozlowski" <krzk@kernel.org>, "Marc Zyngier" <maz@kernel.org>, "Kees Cook" <keescook@chromium.org>, "Andreas Färber" <afaerber@suse.de>, "Ard Biesheuvel" <ardb@kernel.org>, "Ingo Molnar" <mingo@kernel.org>, "Andrew Morton" <akpm@linux-foundation.org>, "Mike Rapoport" <rppt@kernel.org>, "Mark Rutland" <mark.rutland@arm.com>, "David Brazdil" <dbrazdil@google.com>, "James Morse" <james.morse@arm.com>, "Linux ARM" <linux-arm-kernel@lists.infradead.org>, "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, linux-security-module@vger.kernel.org Subject: Re: [PATCH v5] ARM: Implement SLS mitigation Date: Mon, 22 Mar 2021 12:45:45 +0100 [thread overview] Message-ID: <CACRpkdbF43_CjSFNu_4FUCEqOB8CebrpXJpkzeW8TnPpRELBtg@mail.gmail.com> (raw) In-Reply-To: <CA+SOCLLo2MdxCH3gFONHsKdvmGGm2vZuML9QdQfWuX2--qFEOA@mail.gmail.com> On Wed, Mar 10, 2021 at 5:43 AM Jian Cai <jiancai@google.com> wrote: > On Sat, Mar 6, 2021 at 4:25 AM Linus Walleij <linus.walleij@linaro.org> wrote: > > On Fri, Mar 5, 2021 at 12:23 AM Jian Cai <jiancai@google.com> wrote: > > > On Wed, Mar 3, 2021 at 7:04 AM Linus Walleij <linus.walleij@linaro.org> wrote: > > > I think gcc also has these options. > > > https://gcc.gnu.org/onlinedocs/gcc/AArch64-Options.html > > > > And how does that work with this part of your patch: > > > > +#define SLS_TEXT \ > > + ALIGN_FUNCTION(); \ > > + *(.text.__llvm_slsblr_thunk_*) > > > > This does not look compiler agnostic? > > You are right, GCC does generate different oraphan section names. I > will address it in the next version of the patch. Also it seems only > arm64 gcc supports -mharden-sls=* at this moment, arm32 gcc does not > support it yet. I don't know if there is any plan to implement it for > 32-bit gcc, but should we patch arm32 linker script preemptively, > assuming the sections will be named with the same pattern like how > clang does so the kernel would not fail to boot when the flag is > implemented? I think the best thing is to have something like this: Implement a macro such as this in include/linux/compiler-clang.h #define SLS_TEXT_SECTION *(.text.__llvm_slsblr_thunk_*) then the corresponding in include/linux/compiler-gcc.h but here also add a #define SLS_TEXT_SECTION #error "no compiler support" if the compiler version does not have this. I don't know the exact best approach sadly, as the patch looks now it seems a bit fragile, I wonder if you get linker warnings when this section is unused? Yours, Linus Walleij
WARNING: multiple messages have this Message-ID (diff)
From: Linus Walleij <linus.walleij@linaro.org> To: Jian Cai <jiancai@google.com> Cc: "Nick Desaulniers" <ndesaulniers@google.com>, "Manoj Gupta" <manojgupta@google.com>, "Luis Lozano" <llozano@google.com>, clang-built-linux <clang-built-linux@googlegroups.com>, "Nathan Chancellor" <nathan@kernel.org>, "David Laight" <David.Laight@aculab.com>, "Will Deacon" <will@kernel.org>, "Russell King" <rmk+kernel@armlinux.org.uk>, "Russell King" <linux@armlinux.org.uk>, "Catalin Marinas" <catalin.marinas@arm.com>, "James Morris" <jmorris@namei.org>, "Serge E. Hallyn" <serge@hallyn.com>, "Arnd Bergmann" <arnd@arndb.de>, "Masahiro Yamada" <masahiroy@kernel.org>, "Krzysztof Kozlowski" <krzk@kernel.org>, "Marc Zyngier" <maz@kernel.org>, "Kees Cook" <keescook@chromium.org>, "Andreas Färber" <afaerber@suse.de>, "Ard Biesheuvel" <ardb@kernel.org>, "Ingo Molnar" <mingo@kernel.org>, "Andrew Morton" <akpm@linux-foundation.org>, "Mike Rapoport" <rppt@kernel.org>, "Mark Rutland" <mark.rutland@arm.com>, "David Brazdil" <dbrazdil@google.com>, "James Morse" <james.morse@arm.com>, "Linux ARM" <linux-arm-kernel@lists.infradead.org>, "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, linux-security-module@vger.kernel.org Subject: Re: [PATCH v5] ARM: Implement SLS mitigation Date: Mon, 22 Mar 2021 12:45:45 +0100 [thread overview] Message-ID: <CACRpkdbF43_CjSFNu_4FUCEqOB8CebrpXJpkzeW8TnPpRELBtg@mail.gmail.com> (raw) In-Reply-To: <CA+SOCLLo2MdxCH3gFONHsKdvmGGm2vZuML9QdQfWuX2--qFEOA@mail.gmail.com> On Wed, Mar 10, 2021 at 5:43 AM Jian Cai <jiancai@google.com> wrote: > On Sat, Mar 6, 2021 at 4:25 AM Linus Walleij <linus.walleij@linaro.org> wrote: > > On Fri, Mar 5, 2021 at 12:23 AM Jian Cai <jiancai@google.com> wrote: > > > On Wed, Mar 3, 2021 at 7:04 AM Linus Walleij <linus.walleij@linaro.org> wrote: > > > I think gcc also has these options. > > > https://gcc.gnu.org/onlinedocs/gcc/AArch64-Options.html > > > > And how does that work with this part of your patch: > > > > +#define SLS_TEXT \ > > + ALIGN_FUNCTION(); \ > > + *(.text.__llvm_slsblr_thunk_*) > > > > This does not look compiler agnostic? > > You are right, GCC does generate different oraphan section names. I > will address it in the next version of the patch. Also it seems only > arm64 gcc supports -mharden-sls=* at this moment, arm32 gcc does not > support it yet. I don't know if there is any plan to implement it for > 32-bit gcc, but should we patch arm32 linker script preemptively, > assuming the sections will be named with the same pattern like how > clang does so the kernel would not fail to boot when the flag is > implemented? I think the best thing is to have something like this: Implement a macro such as this in include/linux/compiler-clang.h #define SLS_TEXT_SECTION *(.text.__llvm_slsblr_thunk_*) then the corresponding in include/linux/compiler-gcc.h but here also add a #define SLS_TEXT_SECTION #error "no compiler support" if the compiler version does not have this. I don't know the exact best approach sadly, as the patch looks now it seems a bit fragile, I wonder if you get linker warnings when this section is unused? Yours, Linus Walleij _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-03-22 11:46 UTC|newest] Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-02-12 5:14 [PATCH] ARM: Implement Clang's SLS mitigation Jian Cai 2021-02-12 5:14 ` Jian Cai 2021-02-12 5:55 ` Nathan Chancellor 2021-02-12 5:55 ` Nathan Chancellor 2021-02-12 10:41 ` David Laight 2021-02-12 10:41 ` David Laight 2021-02-12 19:52 ` [PATCH v2] " Jian Cai 2021-02-12 19:52 ` Jian Cai 2021-02-17 9:49 ` Will Deacon 2021-02-17 9:49 ` Will Deacon 2021-02-17 11:05 ` David Laight 2021-02-17 11:05 ` David Laight 2021-03-25 14:01 ` Linus Walleij 2021-03-25 14:01 ` Linus Walleij 2021-02-17 18:20 ` Nick Desaulniers 2021-02-17 18:20 ` Nick Desaulniers 2021-02-19 20:18 ` [PATCH v3] ARM: Implement " Jian Cai 2021-02-19 20:18 ` Jian Cai 2021-02-19 20:30 ` Nathan Chancellor 2021-02-19 20:30 ` Nathan Chancellor 2021-02-19 23:08 ` [PATCH v4] " Jian Cai 2021-02-19 23:08 ` Jian Cai 2021-02-21 10:13 ` Russell King - ARM Linux admin 2021-02-21 10:13 ` Russell King - ARM Linux admin 2021-02-22 11:58 ` Will Deacon 2021-02-22 11:58 ` Will Deacon 2021-02-22 21:50 ` Jian Cai 2021-02-22 21:50 ` Jian Cai 2021-02-23 10:04 ` Will Deacon 2021-02-23 10:04 ` Will Deacon 2021-03-03 15:18 ` Linus Walleij 2021-03-03 15:18 ` Linus Walleij 2021-03-03 15:29 ` David Laight 2021-03-03 15:29 ` David Laight 2021-03-03 15:31 ` Linus Walleij 2021-03-03 15:31 ` Linus Walleij 2021-02-23 2:31 ` [PATCH v5] " Jian Cai 2021-02-23 2:31 ` Jian Cai 2021-02-23 2:35 ` Jian Cai 2021-02-23 2:35 ` Jian Cai 2021-03-03 15:04 ` Linus Walleij 2021-03-03 15:04 ` Linus Walleij 2021-03-04 23:22 ` Jian Cai 2021-03-04 23:22 ` Jian Cai 2021-03-06 12:25 ` Linus Walleij 2021-03-06 12:25 ` Linus Walleij 2021-03-10 4:43 ` Jian Cai 2021-03-10 4:43 ` Jian Cai 2021-03-22 11:45 ` Linus Walleij [this message] 2021-03-22 11:45 ` Linus Walleij 2021-03-23 22:39 ` Jian Cai 2021-03-23 22:39 ` Jian Cai 2021-03-05 0:53 ` [PATCH v6] " Jian Cai 2021-03-05 0:53 ` Jian Cai 2021-03-05 9:52 ` Will Deacon 2021-03-05 9:52 ` Will Deacon 2021-03-06 12:27 ` Linus Walleij 2021-03-06 12:27 ` Linus Walleij
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=CACRpkdbF43_CjSFNu_4FUCEqOB8CebrpXJpkzeW8TnPpRELBtg@mail.gmail.com \ --to=linus.walleij@linaro.org \ --cc=David.Laight@aculab.com \ --cc=afaerber@suse.de \ --cc=akpm@linux-foundation.org \ --cc=ardb@kernel.org \ --cc=arnd@arndb.de \ --cc=catalin.marinas@arm.com \ --cc=clang-built-linux@googlegroups.com \ --cc=dbrazdil@google.com \ --cc=james.morse@arm.com \ --cc=jiancai@google.com \ --cc=jmorris@namei.org \ --cc=keescook@chromium.org \ --cc=krzk@kernel.org \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=linux@armlinux.org.uk \ --cc=llozano@google.com \ --cc=manojgupta@google.com \ --cc=mark.rutland@arm.com \ --cc=masahiroy@kernel.org \ --cc=maz@kernel.org \ --cc=mingo@kernel.org \ --cc=nathan@kernel.org \ --cc=ndesaulniers@google.com \ --cc=rmk+kernel@armlinux.org.uk \ --cc=rppt@kernel.org \ --cc=serge@hallyn.com \ --cc=will@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.