Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2244811pxb; Tue, 23 Feb 2021 02:08:58 -0800 (PST) X-Google-Smtp-Source: ABdhPJz3fA5AZKBaOVDWeOcw1LSSFXeACeeYHncgXYIuoLdiGYRYkpdKxLoWAzjncMiU65/NtPfj X-Received: by 2002:a17:906:17d3:: with SMTP id u19mr26457377eje.316.1614074938112; Tue, 23 Feb 2021 02:08:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614074938; cv=none; d=google.com; s=arc-20160816; b=NIR9q9SojwrmFpGpBDFkAk/MaOXdPEb6yMT2Ldcnul4WfyfW8pndE+wl6Z02Y3iQt8 yatSMAWeejmqDfbOw2LFMvXI5Zg35WN5KyvrPKFdqiYWArxoOpIcSkF/V4eVK/z6LMqt JJ8b19EH28SvNDozzRJdilPFmQIkWDUPT48VYVa+YAUsvdpGRS5bWzD+ec9UUGyVqN8A AIwATWmy1IRdEvOi8sWuYTYRxT3/vqN+/ZToUDih/4fdw6XE9KzR3I8zXkrfCaYlmUSt j9ngJk2qnRHljtxPtaXmAMjO5ha70NaqkAmg0JW4lyHoiiPYlDtV+lCx4MXg6rEX+NG+ YU2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=qr6o6Z5KLfhizu24Qfypw30nnVJ4ZifmaNZTTCLc/uQ=; b=pUvCa9tpjASrmENe1oXYh0IoYdwHf6q8AidGRx4nZlDFghpsSMEpixJ+gHqaXpeM7G anw738Rw3YrcUwK0kvhunbmBKuSqalx9x5Y2rbOTADuVXfm5FIaFhfKGqmKjcnvQtsRY I5B2jQgRMSAFubYxl3vt4JNaTkUcqUpTy5aY+0kRwdZOKV/DABEB8yq8xHbqpDQRPUxo ywmqk9KJffL8cKcV/q2AWSfklEduPkAxgntxdEQEc/Q0UKiNaqAXT/jBGeyEWB/d/jvY tnDA+7HZCbmk+reJHjGxrVdpkb6isuy0mgKB0C/t/DO7sFweFCEFuBI4Q00B+BvnJSnw 9RSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WZOqzYAf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v18si10511246ejg.86.2021.02.23.02.08.32; Tue, 23 Feb 2021 02:08:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WZOqzYAf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231199AbhBWKFo (ORCPT + 99 others); Tue, 23 Feb 2021 05:05:44 -0500 Received: from mail.kernel.org ([198.145.29.99]:55162 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230142AbhBWKFm (ORCPT ); Tue, 23 Feb 2021 05:05:42 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 389EE64E22; Tue, 23 Feb 2021 10:04:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1614074701; bh=Wei69MTAw3cAoHZzehtkt6nVDExu19SQg53rlhzIYkc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=WZOqzYAfqkinjCDFARp7S1HJXXBR9/a5BpaM0vR+ODhDKzZDPfF/ye7XjKQMUez35 gNYf4tHz2dZXzh6zzeOdB4V3qV1z9r5sgXIXTCI0aO5M02BEsGDwODUFLCu1Lt0bOf 0DK9G68zNyFKRYC1hCUEsoWO6316kYRolzd+VXquDUZT8xx0YR4ZC9pYlEAwapnwSR iFZl+6xr5ZixbyOTXA4xJh9vWEFM0si3FfsI5NrErO2BOcvcjSnsbqxWi1qJke/gga uJI0eyUbRiuqihtgi0hZ2CyAWZ72G2AC/8FGKqtO9r7yqQCxJpGGZu4aJGwqnQT86v k3LlYOeONI6cg== Date: Tue, 23 Feb 2021 10:04:53 +0000 From: Will Deacon To: Jian Cai Cc: Nick Desaulniers , Manoj Gupta , Luis Lozano , clang-built-linux , Nathan Chancellor , David Laight , Russell King , Catalin Marinas , James Morris , "Serge E. Hallyn" , Arnd Bergmann , Masahiro Yamada , Kees Cook , Ard Biesheuvel , Andreas =?iso-8859-1?Q?F=E4rber?= , Ingo Molnar , Linus Walleij , Marc Zyngier , Andrew Morton , Mike Rapoport , Mark Rutland , David Brazdil , James Morse , Linux ARM , Linux Kernel Mailing List , linux-security-module@vger.kernel.org Subject: Re: [PATCH v4] ARM: Implement SLS mitigation Message-ID: <20210223100453.GB10254@willie-the-truck> References: <20210219201852.3213914-1-jiancai@google.com> <20210219230841.875875-1-jiancai@google.com> <20210222115816.GA8605@willie-the-truck> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 22, 2021 at 01:50:06PM -0800, Jian Cai wrote: > Please see my comments inlined below. > > Thanks, > Jian > > On Mon, Feb 22, 2021 at 3:58 AM Will Deacon wrote: > > > > On Fri, Feb 19, 2021 at 03:08:13PM -0800, Jian Cai wrote: > > > This patch adds CONFIG_HARDEN_SLS_ALL that can be used to turn on > > > -mharden-sls=all, which mitigates the straight-line speculation > > > vulnerability, speculative execution of the instruction following some > > > unconditional jumps. Notice -mharden-sls= has other options as below, > > > and this config turns on the strongest option. > > > > > > all: enable all mitigations against Straight Line Speculation that are implemented. > > > none: disable all mitigations against Straight Line Speculation. > > > retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions. > > > blr: enable the mitigation against Straight Line Speculation for BLR instructions. > > > > > > Links: > > > https://reviews.llvm.org/D93221 > > > https://reviews.llvm.org/D81404 > > > https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation > > > https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions#SLS2 > > > > > > Suggested-by: Manoj Gupta > > > Suggested-by: Nick Desaulniers > > > Suggested-by: Nathan Chancellor > > > Suggested-by: David Laight > > > Suggested-by: Will Deacon > > > Reviewed-by: Nathan Chancellor > > > Signed-off-by: Jian Cai > > > --- > > > > Please can you reply to my previous questions? > > > > https://lore.kernel.org/linux-arm-kernel/20210217094859.GA3706@willie-the-truck/ > > > > (apologies if you did, but I don't see them in the archive or my inbox) > > I should have clarified the suggested-by tag was in regard to the > Kconfig text change. Regarding your earlier questions, please see my > comments below. > > > So I think that either we enable this unconditionally, or we don't enable it > > at all (and people can hack their CFLAGS themselves if they want to). > > Not sure if this answers your question but this config should provide > a way for people to turn on the mitigation at their own risk. I'm not sure I see the point; either it's needed or its not. I wonder if there's a plan to fix this in future CPUs (another question for the Arm folks). > > It would be helpful for one of the Arm folks to chime in, as I'm yet to see any > > evidence that this is actually exploitable. Is it any worse that Spectre-v1, > > where we _don't_ have a compiler mitigation? > > > Finally, do we have to worry about our assembly code? > > I am not sure if there are any plans to protect assembly code and I > will leave it to the Arm folks since they know a whole lot better. But > even without that part, we should still have better protection, > especially when overhead does not look too bad: I did some preliminary > experiments on ChromeOS, code size of vmlinux increased 3%, and there > were no noticeable changes to run-time performance of the benchmarks I > used. If the mitigation is required, I'm not sure I see a lot of point in only doing a half-baked job of it. It feels a bit like a box-ticking exercise, in which case any overhead is too much. Will