Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1633164pxb; Thu, 4 Mar 2021 17:02:49 -0800 (PST) X-Google-Smtp-Source: ABdhPJzzSrmFFavvpCKsAvbmPo3CKZk8EFC4Vg2H2iL4cmM9D2vlMvGIDIPYwpZ/HX2vpdK832Dk X-Received: by 2002:a6b:7319:: with SMTP id e25mr5591371ioh.0.1614906169456; Thu, 04 Mar 2021 17:02:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614906169; cv=none; d=google.com; s=arc-20160816; b=TYW7rQ5GZoMKz86kQzIuyO8iIRa2fj73QsbX2TNS+2VByHHk8dkZPXcW0EJ3RFNwnA xQEZ5lxpfpCfyv0XsU15JW4Ue1LB3aKWCdKs7oGIW/xFjsiCNclk4IRvgBW2yeCsUeqS 5bQuAwCpnhFxMZ2RjKfESqHEfa8RS4aziwpRJZ36ykg57D5J0YWAJ//sSTxrrLhrNCWy XQ8Yz1Mq9Vz3nC5rA/mcu7jXA5Z8XGkVENXjsq7jlYGvOGO5uBCQUfqYXU/8NW+YFfxs lgxkMmz5b3pYE4TzWs1Risl3f5/M769C7GVxiIH0HjPac8SdvDdQR7XILG8yKhuu06GA FYcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=KX90TntfNSVDI/d+8xow5Mh17Q6zvuilvP5em04oWjY=; b=f27RZBxjiLxVxbmb/BOcSTv3oV7U836qhLfEAah/4QjxGJNlZaPktO5fFU6d5lZO0Y FFmLEzzs/5h4mcLA6IRPII3eDiaOO4cJd5jNtB3FOUuYWr2vc4K+wXZ3em94Jjd67OZ/ /mSAlYYMgB2EuIxYzqkAJJ6cVoEj4IRfcjB22lLcRWCvObrm2uqdLiW8G4fUWuXLK19y HiRrShWOJ9W0t993KEl4m0oz5EskbX5qQ0vWgV/UFp8DEL1OFnKL2QtIqEYc1gJyNmsP lSwgqiVjfBWSl4Z5akdIXtuaRpQRGBGx9Lybt0pheZ12/1MBbdMX8deyty3BorZCkNY3 pzIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=evlkDz3t; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k23si932248ios.16.2021.03.04.17.02.32; Thu, 04 Mar 2021 17:02:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=evlkDz3t; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233149AbhCDXXJ (ORCPT + 99 others); Thu, 4 Mar 2021 18:23:09 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37584 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232741AbhCDXXF (ORCPT ); Thu, 4 Mar 2021 18:23:05 -0500 Received: from mail-oi1-x231.google.com (mail-oi1-x231.google.com [IPv6:2607:f8b0:4864:20::231]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CC9D3C061574 for ; Thu, 4 Mar 2021 15:23:03 -0800 (PST) Received: by mail-oi1-x231.google.com with SMTP id x20so349286oie.11 for ; Thu, 04 Mar 2021 15:23:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KX90TntfNSVDI/d+8xow5Mh17Q6zvuilvP5em04oWjY=; b=evlkDz3tOC0PRm2yFOMRmARwNKsKxDT+D/sjkRuXV1enp+iw0RNNX7PXb0LeA4PIuk a4adaa26mplL1TvI3Oa6QpU9gkZwS7NqO5vFN9NGwWQG96gOnbRstdXXREnPse4zOCSJ wmClzqRUYMTOHDnkjYhUnQeri3Kv6FraqdTVDrzJ+lbM8lI+UDnw03PX3A418wQZtQcf Qty0fett7YCVsVMlvaQIp+jkOWSAXv9la1FwplnqLjBg8hmMGdMAkstxUTFh25zy5YbH nR6oxYgIpHy15AjyF447AWS3rjlhHbeqgPZfA0olvaACefhOKfONldoRjh0EIossCuOe 7fKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KX90TntfNSVDI/d+8xow5Mh17Q6zvuilvP5em04oWjY=; b=nXjdzdEEnrz4GnpCwoxcC3L/ZRg/bdb9SBmDSeGP1FNEfcYQCVGEZFbdsJQCyNXLG5 CNpkSx5YHCyKhsFMn09BouoeJ7ufYBSEx1mNDiy11FgcsXbXJaVrxlaVMjFZDYZhXUhn 1OjZrFtkliP36rUOP+0PbRvPebDBfR+erE5GGvnvvMJ3AnpazdNJK+9zJQRb08/B/mOF dVq5t6W9E4Sj5cE9+Ldh2PkpXhkfesOR1U6RQQf7QToJGX7bUK0zdJZPrzR+/dTs6gI8 fnYs/+ZsK2joYxXoLLEJsUQhqhYuSLGOMcZhQn9LetOifWY51jcXZWdIHwSqD02Tgf8X djsw== X-Gm-Message-State: AOAM532cNbNzQE3Xc/73m2YGBZvHHp5+2N+1EuLMgY1Uxp65Y53yfmE5 +TWzhePxOQ4WKq7NrpCspt2f8M2orYxxOVqpajeNPw== X-Received: by 2002:aca:4892:: with SMTP id v140mr4795362oia.66.1614900183011; Thu, 04 Mar 2021 15:23:03 -0800 (PST) MIME-Version: 1.0 References: <20210223023125.2265845-1-jiancai@google.com> <20210223023542.2287529-1-jiancai@google.com> In-Reply-To: From: Jian Cai Date: Thu, 4 Mar 2021 15:22:51 -0800 Message-ID: Subject: Re: [PATCH v5] ARM: Implement SLS mitigation To: Linus Walleij Cc: Nick Desaulniers , Manoj Gupta , Luis Lozano , clang-built-linux , Nathan Chancellor , David Laight , Will Deacon , Russell King , Russell King , Catalin Marinas , James Morris , "Serge E. Hallyn" , Arnd Bergmann , Masahiro Yamada , Krzysztof Kozlowski , Marc Zyngier , Kees Cook , =?UTF-8?Q?Andreas_F=C3=A4rber?= , Ard Biesheuvel , Ingo Molnar , Andrew Morton , Mike Rapoport , Mark Rutland , David Brazdil , James Morse , Linux ARM , "linux-kernel@vger.kernel.org" , linux-security-module@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 3, 2021 at 7:04 AM Linus Walleij wrote: > > On Tue, Feb 23, 2021 at 3:36 AM Jian Cai wrote: > > > This patch adds CONFIG_HARDEN_SLS_ALL that can be used to turn on > > -mharden-sls=all, which mitigates the straight-line speculation > > vulnerability, speculative execution of the instruction following some > > unconditional jumps. Notice -mharden-sls= has other options as below, > > and this config turns on the strongest option. > > > > all: enable all mitigations against Straight Line Speculation that are implemented. > > none: disable all mitigations against Straight Line Speculation. > > retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions. > > blr: enable the mitigation against Straight Line Speculation for BLR instructions. > > I heard about compiler protection for this, so nice to see it happening! > > Would you happen to know if there is any plan to do the same for GCC? > I know you folks at Google like LLVM, but if you know let us know. I think gcc also has these options. https://gcc.gnu.org/onlinedocs/gcc/AArch64-Options.html > > > +config HARDEN_SLS_ALL > > + bool "enable SLS vulnerability hardening" > > I would go in and also edit arch/arm/mm/Kconfig under: > config HARDEN_BRANCH_PREDICTOR add > select HARDEN_SLS_ALL > > Because if the user wants hardening for branch prediction > in general then the user certainly wants this as well, if > available. The help text for that option literally says: > > "This config option will take CPU-specific actions to harden > the branch predictor against aliasing attacks and may rely on > specific instruction sequences or control bits being set by > the system firmware." > > Notice this only turns on for CPUs with CPU_SPECTRE > defined which makes sense. Also it is default y which fulfils > Will's request that it be turned on by default where > applicable. Notably it will not be turned on for pre-v7 silicon > which would be unhelpful as they don't suffer from > these bugs. Thanks for the suggestion. I will update the patch. > > Reading Kristofs compiler patch here: > https://reviews.llvm.org/rG195f44278c4361a4a32377a98a1e3a15203d3647 > > I take it that for affected CPUs we should also patch all assembly > in the kernel containing a RET, BR or BLR with > DSB SYS followed by ISB? > > I suppose we would also need to look for any mov PC, <> > code... > > I guess we can invent a "SB" macro to mimic what Aarch64 is > doing so the code is easy to read. (Thinking aloud.) > > Yours, > Linus Walleij