linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jian Cai <jiancai@google.com>
To: Linus Walleij <linus.walleij@linaro.org>
Cc: "Nick Desaulniers" <ndesaulniers@google.com>,
	"Manoj Gupta" <manojgupta@google.com>,
	"Luis Lozano" <llozano@google.com>,
	clang-built-linux <clang-built-linux@googlegroups.com>,
	"Nathan Chancellor" <nathan@kernel.org>,
	"David Laight" <David.Laight@aculab.com>,
	"Will Deacon" <will@kernel.org>,
	"Russell King" <rmk+kernel@armlinux.org.uk>,
	"Russell King" <linux@armlinux.org.uk>,
	"Catalin Marinas" <catalin.marinas@arm.com>,
	"James Morris" <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"Arnd Bergmann" <arnd@arndb.de>,
	"Masahiro Yamada" <masahiroy@kernel.org>,
	"Krzysztof Kozlowski" <krzk@kernel.org>,
	"Marc Zyngier" <maz@kernel.org>,
	"Kees Cook" <keescook@chromium.org>,
	"Andreas Färber" <afaerber@suse.de>,
	"Ard Biesheuvel" <ardb@kernel.org>,
	"Ingo Molnar" <mingo@kernel.org>,
	"Andrew Morton" <akpm@linux-foundation.org>,
	"Mike Rapoport" <rppt@kernel.org>,
	"Mark Rutland" <mark.rutland@arm.com>,
	"David Brazdil" <dbrazdil@google.com>,
	"James Morse" <james.morse@arm.com>,
	"Linux ARM" <linux-arm-kernel@lists.infradead.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH v5] ARM: Implement SLS mitigation
Date: Tue, 9 Mar 2021 20:43:28 -0800	[thread overview]
Message-ID: <CA+SOCLLo2MdxCH3gFONHsKdvmGGm2vZuML9QdQfWuX2--qFEOA@mail.gmail.com> (raw)
In-Reply-To: <CACRpkdYrqy78EfB_+UY0QtA0v0tD+_+O09Pod8-1Vd-p-VyMWA@mail.gmail.com>

On Sat, Mar 6, 2021 at 4:25 AM Linus Walleij <linus.walleij@linaro.org> wrote:
>
> On Fri, Mar 5, 2021 at 12:23 AM Jian Cai <jiancai@google.com> wrote:
> > On Wed, Mar 3, 2021 at 7:04 AM Linus Walleij <linus.walleij@linaro.org> wrote:
> > >
> > > On Tue, Feb 23, 2021 at 3:36 AM Jian Cai <jiancai@google.com> wrote:
> > >
> > > > This patch adds CONFIG_HARDEN_SLS_ALL that can be used to turn on
> > > > -mharden-sls=all, which mitigates the straight-line speculation
> > > > vulnerability, speculative execution of the instruction following some
> > > > unconditional jumps. Notice -mharden-sls= has other options as below,
> > > > and this config turns on the strongest option.
> > > >
> > > > all: enable all mitigations against Straight Line Speculation that are implemented.
> > > > none: disable all mitigations against Straight Line Speculation.
> > > > retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions.
> > > > blr: enable the mitigation against Straight Line Speculation for BLR instructions.
> > >
> > > I heard about compiler protection for this, so nice to see it happening!
> > >
> > > Would you happen to know if there is any plan to do the same for GCC?
> > > I know you folks at Google like LLVM, but if you know let us know.
> >
> > I think gcc also has these options.
> > https://gcc.gnu.org/onlinedocs/gcc/AArch64-Options.html
>
> And how does that work with this part of your patch:
>
> +#define SLS_TEXT                                       \
> +       ALIGN_FUNCTION();                              \
> +       *(.text.__llvm_slsblr_thunk_*)
>
> This does not look compiler agnostic?
>

You are right, GCC does generate different oraphan section names. I
will address it in the next version of the patch. Also it seems only
arm64 gcc supports -mharden-sls=* at this moment, arm32 gcc does not
support it yet. I don't know if there is any plan to implement it for
32-bit gcc, but should we patch arm32 linker script preemptively,
assuming the sections will be named with the same pattern like how
clang does so the kernel would not fail to boot when the flag is
implemented?

Thanks,
Jian

> Yours,
> Linus Walleij

  reply	other threads:[~2021-03-10  4:45 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-12  5:14 [PATCH] ARM: Implement Clang's SLS mitigation Jian Cai
2021-02-12  5:55 ` Nathan Chancellor
2021-02-12 10:41   ` David Laight
2021-02-12 19:52     ` [PATCH v2] " Jian Cai
2021-02-17  9:49       ` Will Deacon
2021-02-17 11:05         ` David Laight
2021-03-25 14:01         ` Linus Walleij
2021-02-17 18:20       ` Nick Desaulniers
2021-02-19 20:18       ` [PATCH v3] ARM: Implement " Jian Cai
2021-02-19 20:30         ` Nathan Chancellor
2021-02-19 23:08         ` [PATCH v4] " Jian Cai
2021-02-21 10:13           ` Russell King - ARM Linux admin
2021-02-22 11:58           ` Will Deacon
2021-02-22 21:50             ` Jian Cai
2021-02-23 10:04               ` Will Deacon
2021-03-03 15:18                 ` Linus Walleij
2021-03-03 15:29                   ` David Laight
2021-03-03 15:31                     ` Linus Walleij
2021-02-23  2:31           ` [PATCH v5] " Jian Cai
2021-02-23  2:35             ` Jian Cai
2021-03-03 15:04               ` Linus Walleij
2021-03-04 23:22                 ` Jian Cai
2021-03-06 12:25                   ` Linus Walleij
2021-03-10  4:43                     ` Jian Cai [this message]
2021-03-22 11:45                       ` Linus Walleij
2021-03-23 22:39                         ` Jian Cai
2021-03-05  0:53               ` [PATCH v6] " Jian Cai
2021-03-05  9:52                 ` Will Deacon
2021-03-06 12:27                   ` Linus Walleij

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CA+SOCLLo2MdxCH3gFONHsKdvmGGm2vZuML9QdQfWuX2--qFEOA@mail.gmail.com \
    --to=jiancai@google.com \
    --cc=David.Laight@aculab.com \
    --cc=afaerber@suse.de \
    --cc=akpm@linux-foundation.org \
    --cc=ardb@kernel.org \
    --cc=arnd@arndb.de \
    --cc=catalin.marinas@arm.com \
    --cc=clang-built-linux@googlegroups.com \
    --cc=dbrazdil@google.com \
    --cc=james.morse@arm.com \
    --cc=jmorris@namei.org \
    --cc=keescook@chromium.org \
    --cc=krzk@kernel.org \
    --cc=linus.walleij@linaro.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=linux@armlinux.org.uk \
    --cc=llozano@google.com \
    --cc=manojgupta@google.com \
    --cc=mark.rutland@arm.com \
    --cc=masahiroy@kernel.org \
    --cc=maz@kernel.org \
    --cc=mingo@kernel.org \
    --cc=nathan@kernel.org \
    --cc=ndesaulniers@google.com \
    --cc=rmk+kernel@armlinux.org.uk \
    --cc=rppt@kernel.org \
    --cc=serge@hallyn.com \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).