Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1580365pxb;
        Thu, 4 Mar 2021 15:23:16 -0800 (PST)
X-Google-Smtp-Source: ABdhPJw5GebdGfNsJOwmI2iQ7Oif26rucU95rG20I+c+6nF6RL8HULJqsqf9bvOWLfrYwU5dg/a7
X-Received: by 2002:a92:ddd0:: with SMTP id d16mr6064687ilr.52.1614900195965;
        Thu, 04 Mar 2021 15:23:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1614900195; cv=none;
        d=google.com; s=arc-20160816;
        b=RWcsnr2m0nE4IpiGoJknujrgm+mft33pEHsCcvHd6+V5HXdsHMGkVxY0p2gxEqjDji
         aGztDlxf3gjuwOt1rxv38f5IGzMBQgUKhJRu4br+f64lbUvTtbbrC7dfgJTqBG/xaA6A
         BPU6Gqs9wMo/CnSN4OlEiBGmhET9USOl3039KSaPZBjx1P6+frui//ZruSsR9IbbugMU
         W7aheozljINF1VjnZmV/vgVtz86m5DFTpKxQopzJIAsDbUIjOqv/TTj/kMyrF6U+EfuP
         EL3CjLoHkwOnJoORoKm0MhyQjLuYDJ+rrMepYex3hScxpqIZiAxs1hyzhZc6fdcSvqzw
         K0dQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=RAU+oF5abLpOatKR6GoNs0xhW7zYpMa0vIglwnJvvdg=;
        b=q5BhwDYD3oQ/kn7iApleqfKzrroVikl3h8fEesTBvjPr5V5uhUfWZKeH0+cZIlFzIw
         lI5/e15NRgxGxVyBjgiyR6KVZgZJUECeTfpekhiX01YhD14XzCPcmdG87yDid12EAi9K
         ssWJSSDViTU6CKGz7ir5973P0HrqjzZPpMnQW2spxALfaN+J0d/ibjtX/Z/AbizHzS68
         vNsY7YpZB1yo9Fl2XSAXQ1+YHG9QHByHYGQHmu0F0sPi41ERiox3874UD6pjnbjWIMyV
         JV7n5qt4WiS6cRp5FaYs5kKRCqEea4ui2YTqA8mgvcB9/C2ZAH4jhOg5RpxC97dey7N8
         L2WQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=TXjhTZG7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id g16si633177ion.86.2021.03.04.15.23.02;
        Thu, 04 Mar 2021 15:23:15 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=TXjhTZG7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1835088AbhCCSB7 (ORCPT <rfc822;luxiaolong211@gmail.com>
        + 99 others); Wed, 3 Mar 2021 13:01:59 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42492 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233724AbhCCPFw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 3 Mar 2021 10:05:52 -0500
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5EA7AC061760
        for <linux-kernel@vger.kernel.org>; Wed,  3 Mar 2021 07:04:55 -0800 (PST)
Received: by mail-lf1-x12f.google.com with SMTP id n16so20658164lfb.4
        for <linux-kernel@vger.kernel.org>; Wed, 03 Mar 2021 07:04:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=RAU+oF5abLpOatKR6GoNs0xhW7zYpMa0vIglwnJvvdg=;
        b=TXjhTZG7o4n5bxO+2rz3ZIatg4fz7wrYFZRfWehMJbbvQvWXqTzvq7Yyxc/V+rxHSP
         fLDpnURO2RHIGMA0mJnT2UfCmKwc152iZKeIXdKhkO2ZKVx0F7067lsAeLTrO+wteFXE
         h2C7EnX3ZjEudvNE1bIupubFD88jPsxE+uh8vr5zD8wBjFtgE/hgCEdlCVdsrYs7KwaS
         6V7VVBhAky65ZFa+aKvy9i8fNgIgTe6ZVsDBYWpjblE++wUpIA+YWuUOf1Uu9dx/qkUW
         8UDFtPLiF/Vd1jHQnjnJB6FGzbw+gvB1PQB3CC4npvI0IMcllIhbZO7wZytSfUDf38Oe
         wvUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=RAU+oF5abLpOatKR6GoNs0xhW7zYpMa0vIglwnJvvdg=;
        b=bNS+IHNGwXUmvADnp2m0RPTZI3mwLJbvVVCD2fSkaR8atzonAAJPPKv4OqlD9T9jbi
         wLyQsKg+aZarjtqA6mi/YBRLTb/jgpB3usGCvoezQIAv32CiU6DA7dsXY5+S5ktChFcL
         aMt6VL79fIFmmiQrMavhpcVGWqvjE3Orga1uDtnhf2p5DnH1lW4MtB3Ag6wNkD4YFbeF
         GeS6JOsUPxSX2PmqM/IlAZKtwLGt98QjmllgwQkoO2IsX2CapaOZ4IAE4aC+4K0C3QiT
         VK5QUMHTdEuwQxJZvVNRF83PabTs7orJ0L3B+695inZZxiMXEVpobNmW+QEyMauNd9rb
         XFRA==
X-Gm-Message-State: AOAM530BMtZzVJeZ8e9zZ14gPv6/esilyfZrCnjwnMJIh1e35l57PQ83
        cHZm7IxypZoo/6xRI2q7t/074U5XEiQiuZpuOKHn4Q==
X-Received: by 2002:ac2:4d95:: with SMTP id g21mr16105295lfe.29.1614783893687;
 Wed, 03 Mar 2021 07:04:53 -0800 (PST)
MIME-Version: 1.0
References: <20210223023125.2265845-1-jiancai@google.com> <20210223023542.2287529-1-jiancai@google.com>
In-Reply-To: <20210223023542.2287529-1-jiancai@google.com>
From:   Linus Walleij <linus.walleij@linaro.org>
Date:   Wed, 3 Mar 2021 16:04:42 +0100
Message-ID: <CACRpkdYC3iDD23SESM0j2=f56kr6ByKeedDQvkGwXbUC0br0fw@mail.gmail.com>
Subject: Re: [PATCH v5] ARM: Implement SLS mitigation
To:     Jian Cai <jiancai@google.com>
Cc:     Nick Desaulniers <ndesaulniers@google.com>, manojgupta@google.com,
        llozano@google.com,
        clang-built-linux <clang-built-linux@googlegroups.com>,
        Nathan Chancellor <nathan@kernel.org>,
        David Laight <David.Laight@aculab.com>,
        Will Deacon <will@kernel.org>,
        Russell King <rmk+kernel@armlinux.org.uk>,
        Russell King <linux@armlinux.org.uk>,
        Catalin Marinas <catalin.marinas@arm.com>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Arnd Bergmann <arnd@arndb.de>,
        Masahiro Yamada <masahiroy@kernel.org>,
        Krzysztof Kozlowski <krzk@kernel.org>,
        Marc Zyngier <maz@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        =?UTF-8?Q?Andreas_F=C3=A4rber?= <afaerber@suse.de>,
        Ard Biesheuvel <ardb@kernel.org>,
        Ingo Molnar <mingo@kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Mike Rapoport <rppt@kernel.org>,
        Mark Rutland <mark.rutland@arm.com>,
        David Brazdil <dbrazdil@google.com>,
        James Morse <james.morse@arm.com>,
        Linux ARM <linux-arm-kernel@lists.infradead.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        linux-security-module@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Feb 23, 2021 at 3:36 AM Jian Cai <jiancai@google.com> wrote:

> This patch adds CONFIG_HARDEN_SLS_ALL that can be used to turn on
> -mharden-sls=all, which mitigates the straight-line speculation
> vulnerability, speculative execution of the instruction following some
> unconditional jumps. Notice -mharden-sls= has other options as below,
> and this config turns on the strongest option.
>
> all: enable all mitigations against Straight Line Speculation that are implemented.
> none: disable all mitigations against Straight Line Speculation.
> retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions.
> blr: enable the mitigation against Straight Line Speculation for BLR instructions.

I heard about compiler protection for this, so nice to see it happening!

Would you happen to know if there is any plan to do the same for GCC?
I know you folks at Google like LLVM, but if you know let us know.

> +config HARDEN_SLS_ALL
> +       bool "enable SLS vulnerability hardening"

I would go in and also edit arch/arm/mm/Kconfig under:
config HARDEN_BRANCH_PREDICTOR add
select HARDEN_SLS_ALL

Because if the user wants hardening for branch prediction
in general then the user certainly wants this as well, if
available. The help text for that option literally says:

 "This config option will take CPU-specific actions to harden
   the branch predictor against aliasing attacks and may rely on
   specific instruction sequences or control bits being set by
   the system firmware."

Notice this only turns on for CPUs with CPU_SPECTRE
defined which makes sense. Also it is default y which fulfils
Will's request that it be turned on by default where
applicable. Notably it will not be turned on for pre-v7 silicon
which would be unhelpful as they don't suffer from
these bugs.

Reading Kristofs compiler patch here:
https://reviews.llvm.org/rG195f44278c4361a4a32377a98a1e3a15203d3647

I take it that for affected CPUs we should also patch all assembly
in the kernel containing a RET, BR or BLR with
DSB SYS followed by ISB?

I suppose we would also need to look for any mov PC, <>
code...

I guess we can invent a "SB" macro to mimic what Aarch64 is
doing so the code is easy to read. (Thinking aloud.)

Yours,
Linus Walleij