From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E857C433DB for ; Wed, 3 Mar 2021 19:40:17 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 60516601FB for ; Wed, 3 Mar 2021 19:40:16 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 60516601FB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=tmNMQBtBmr6BKcsA9QrTZFQdj/B1X5rG8Bh2rErl+ws=; b=WfRytWAcOTrwHWX4LFI3g+HN2 SF2+/+AdD553hhRBG21tn0BNKdt7xwTjrlJtp2GbA0l6dfncyzrsrtNkfm+WXcXIKxe3E7jrGqZBN Qplhi7BNtpg6wThFclz9zn3zI3tqBWm+3KNuqZywc1MPauhZQbDxxzCienQFzDNm441cS/edF7brp jllCeHyhEUwNXhPQF3Aio8yFb6IhXHS5FRHs7d8d2yBuPf8QYx8HWgfYZuRYPnuqc+X3lwYM0dT8p VvXIR6Tj2OXKdu//OMMVRjnazgCxKtBJg3atq76gqMyERYTH4E6rFv6K8IDgd9MnVtvrp4n1t+v/o Pj2hpD5Kw==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lHXJh-006FU3-8n; Wed, 03 Mar 2021 19:37:54 +0000 Received: from mail-lf1-x12c.google.com ([2a00:1450:4864:20::12c]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lHT3Y-005I5w-Ao for linux-arm-kernel@lists.infradead.org; Wed, 03 Mar 2021 15:05:00 +0000 Received: by mail-lf1-x12c.google.com with SMTP id e7so37638901lft.2 for ; Wed, 03 Mar 2021 07:04:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RAU+oF5abLpOatKR6GoNs0xhW7zYpMa0vIglwnJvvdg=; b=TXjhTZG7o4n5bxO+2rz3ZIatg4fz7wrYFZRfWehMJbbvQvWXqTzvq7Yyxc/V+rxHSP fLDpnURO2RHIGMA0mJnT2UfCmKwc152iZKeIXdKhkO2ZKVx0F7067lsAeLTrO+wteFXE h2C7EnX3ZjEudvNE1bIupubFD88jPsxE+uh8vr5zD8wBjFtgE/hgCEdlCVdsrYs7KwaS 6V7VVBhAky65ZFa+aKvy9i8fNgIgTe6ZVsDBYWpjblE++wUpIA+YWuUOf1Uu9dx/qkUW 8UDFtPLiF/Vd1jHQnjnJB6FGzbw+gvB1PQB3CC4npvI0IMcllIhbZO7wZytSfUDf38Oe wvUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RAU+oF5abLpOatKR6GoNs0xhW7zYpMa0vIglwnJvvdg=; b=Fcl4lyQcQdqIBf00PnzpewddgWvj3FLEHTzwyby1nHk+eYQNmviAygloCoiYx6ZUxV HGxhOPrBt0z8CWZlmRnK9NnjbGZvMbVOBb4z1iA7Q0x6qCbc8M4RjY91pD7nwEfIy0rT r2OqVfEviaEOOqvdi9avLmcHwz/QWgp8VRX9BcOsy7YbpiiLwNEHu2KdL48J7I4X5c7H Ik8CNMPGgfJk0SXV2yNBt4LFAN0pP5RlZyBvN7Wx7R2Y6rE3DMY/WrX747ytEB8H6BKr JNlskUbTKdyOHkiWu3476k/vpD/DBTrxTbsyChGhNsKyKGZIS3jyU5rsnAx5OHkmoGbN ST2A== X-Gm-Message-State: AOAM530EymLh2wmIZivQeOQmw88R83DokmGmVH7EVx2v18BhPy3IPF75 s/m24HKquB1SmQySR6rFWslTcY5MukqGe/qi8SOGCw== X-Google-Smtp-Source: ABdhPJzhn3AMqF86AcKRF6zE/lHio+2SRjlvtPdzQzkcMe7iFMLKCCIbtQi+Q4Qq7MhFPtEH8qf3gLsz5rcxlUqR6Yw= X-Received: by 2002:ac2:4d95:: with SMTP id g21mr16105295lfe.29.1614783893687; Wed, 03 Mar 2021 07:04:53 -0800 (PST) MIME-Version: 1.0 References: <20210223023125.2265845-1-jiancai@google.com> <20210223023542.2287529-1-jiancai@google.com> In-Reply-To: <20210223023542.2287529-1-jiancai@google.com> From: Linus Walleij Date: Wed, 3 Mar 2021 16:04:42 +0100 Message-ID: Subject: Re: [PATCH v5] ARM: Implement SLS mitigation To: Jian Cai Cc: Nick Desaulniers , manojgupta@google.com, llozano@google.com, clang-built-linux , Nathan Chancellor , David Laight , Will Deacon , Russell King , Russell King , Catalin Marinas , James Morris , "Serge E. Hallyn" , Arnd Bergmann , Masahiro Yamada , Krzysztof Kozlowski , Marc Zyngier , Kees Cook , =?UTF-8?Q?Andreas_F=C3=A4rber?= , Ard Biesheuvel , Ingo Molnar , Andrew Morton , Mike Rapoport , Mark Rutland , David Brazdil , James Morse , Linux ARM , "linux-kernel@vger.kernel.org" , linux-security-module@vger.kernel.org X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Feb 23, 2021 at 3:36 AM Jian Cai wrote: > This patch adds CONFIG_HARDEN_SLS_ALL that can be used to turn on > -mharden-sls=all, which mitigates the straight-line speculation > vulnerability, speculative execution of the instruction following some > unconditional jumps. Notice -mharden-sls= has other options as below, > and this config turns on the strongest option. > > all: enable all mitigations against Straight Line Speculation that are implemented. > none: disable all mitigations against Straight Line Speculation. > retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions. > blr: enable the mitigation against Straight Line Speculation for BLR instructions. I heard about compiler protection for this, so nice to see it happening! Would you happen to know if there is any plan to do the same for GCC? I know you folks at Google like LLVM, but if you know let us know. > +config HARDEN_SLS_ALL > + bool "enable SLS vulnerability hardening" I would go in and also edit arch/arm/mm/Kconfig under: config HARDEN_BRANCH_PREDICTOR add select HARDEN_SLS_ALL Because if the user wants hardening for branch prediction in general then the user certainly wants this as well, if available. The help text for that option literally says: "This config option will take CPU-specific actions to harden the branch predictor against aliasing attacks and may rely on specific instruction sequences or control bits being set by the system firmware." Notice this only turns on for CPUs with CPU_SPECTRE defined which makes sense. Also it is default y which fulfils Will's request that it be turned on by default where applicable. Notably it will not be turned on for pre-v7 silicon which would be unhelpful as they don't suffer from these bugs. Reading Kristofs compiler patch here: https://reviews.llvm.org/rG195f44278c4361a4a32377a98a1e3a15203d3647 I take it that for affected CPUs we should also patch all assembly in the kernel containing a RET, BR or BLR with DSB SYS followed by ISB? I suppose we would also need to look for any mov PC, <> code... I guess we can invent a "SB" macro to mimic what Aarch64 is doing so the code is easy to read. (Thinking aloud.) Yours, Linus Walleij _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel