| Message ID | 20210212051500.943179-1-jiancai@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | ARM: Implement Clang's SLS mitigation | expand |
Hi Jian, On Thu, Feb 11, 2021 at 09:14:58PM -0800, Jian Cai wrote: > This patch adds a config CONFIG_HARDEN_SLS_ALL that can be used to turn Drop "a config". > on -mharden-sls=all, which mitigates the straight-line speculation > vulnerability, or more commonly known as Spectre, Meldown. ^ I would drop "or" here ^ drop comma, use "and", typo: "Meltdown" Although, is that a fair statement? SLS is not called Spectre or Meltdown by ARM, it is a speculative processor vulnerabilty. It might just be better to drop eerything after the first comma (although maybe that is just being pedantic). > > Notice -mharden-sls= has other options as below, and this config turns > on the strongest option. > > all: enable all mitigations against Straight Line Speculation that are implemented. > none: disable all mitigations against Straight Line Speculation. > retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions. > blr: enable the mitigation against Straight Line Speculation for BLR instructions. I cannot comment on whether or not this is worth doing, I will leave that up to Will, Catalin, et al. The following comments are more from a "regular kernel developer" perspective, rather than an "arm64 kernel developer" :) > Link: https://reviews.llvm.org/D93221 > Link: https://reviews.llvm.org/D81404 > Link: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation This is also a useful article it seems: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions#SLS2 > Link: https://crbug.com/1171521 This crbug is private. If it is going into a commit message, please publicize it. > Suggested-by: Manoj Gupta <manojgupta@google.com> > Signed-off-by: Jian Cai <jiancai@google.com> > --- > arch/arm/Makefile | 4 ++++ > arch/arm64/Makefile | 5 +++++ > security/Kconfig.hardening | 11 +++++++++++ > 3 files changed, 20 insertions(+) > > diff --git a/arch/arm/Makefile b/arch/arm/Makefile > index 4aaec9599e8a..11d89ef32da9 100644 > --- a/arch/arm/Makefile > +++ b/arch/arm/Makefile > @@ -48,6 +48,10 @@ CHECKFLAGS += -D__ARMEL__ > KBUILD_LDFLAGS += -EL > endif > > +ifeq ($(CONFIG_HARDEN_SLS_ALL), y) > +KBUILD_CFLAGS += -mharden-sls=all > +endif > + > # > # The Scalar Replacement of Aggregates (SRA) optimization pass in GCC 4.9 and > # later may result in code being generated that handles signed short and signed > diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile > index 90309208bb28..8fd0ccd87eca 100644 > --- a/arch/arm64/Makefile > +++ b/arch/arm64/Makefile > @@ -34,6 +34,11 @@ $(warning LSE atomics not supported by binutils) > endif > endif > > +ifeq ($(CONFIG_HARDEN_SLS_ALL), y) > +KBUILD_CFLAGS += -mharden-sls=all > +endif > + > + Extra space here > cc_has_k_constraint := $(call try-run,echo \ > 'int main(void) { \ > asm volatile("and w0, w0, %w0" :: "K" (4294967295)); \ > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > index 269967c4fc1b..d83c406c81a3 100644 > --- a/security/Kconfig.hardening > +++ b/security/Kconfig.hardening > @@ -121,6 +121,17 @@ choice > > endchoice > > + > +config CC_HAS_HARDEN_SLS_ALL > + def_bool $(cc-option,-mharden-sls=all) I do not think that CONFIG_CC_HAS_HARDEN_SLS_ALL serves much purpose. Moving the cc-option into CONFIG_HARDEN_SLS_ALL is just as clean. config HARDEN_SLS_ALL bool "enable SLS vulnerability hardening" depends on $(cc-option,-mharden-sls=all) help Enables straight-line speculation vulnerability hardening at highest level. > + > + config HARDEN_SLS_ALL > + bool "enable SLS vulnerability hardening" The spacing here seems messed up, I corrected it above. > + depends on CC_HAS_HARDEN_SLS_ALL > + help > + Enables straight-line speculation vulnerability hardening > + at highest level. > + > config GCC_PLUGIN_STRUCTLEAK_VERBOSE > bool "Report forcefully initialized variables" > depends on GCC_PLUGIN_STRUCTLEAK > -- > 2.30.0.478.g8a0d178c01-goog > > Cheers, Nathan
> > on -mharden-sls=all, which mitigates the straight-line speculation > > vulnerability, or more commonly known as Spectre, Meldown. > > ^ I would drop "or" here > ^ drop comma, > use "and", > typo: "Meltdown" > > Although, is that a fair statement? SLS is not called Spectre or > Meltdown by ARM, it is a speculative processor vulnerabilty. It > might just be better to drop eerything after the first comma (although > maybe that is just being pedantic). or replace with: (speculative execution of the instruction following some unconditional jumps). Which will save a lot of people looking up what it means. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
diff --git a/arch/arm/Makefile b/arch/arm/Makefile index 4aaec9599e8a..11d89ef32da9 100644 --- a/arch/arm/Makefile +++ b/arch/arm/Makefile @@ -48,6 +48,10 @@ CHECKFLAGS += -D__ARMEL__ KBUILD_LDFLAGS += -EL endif +ifeq ($(CONFIG_HARDEN_SLS_ALL), y) +KBUILD_CFLAGS += -mharden-sls=all +endif + # # The Scalar Replacement of Aggregates (SRA) optimization pass in GCC 4.9 and # later may result in code being generated that handles signed short and signed diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 90309208bb28..8fd0ccd87eca 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -34,6 +34,11 @@ $(warning LSE atomics not supported by binutils) endif endif +ifeq ($(CONFIG_HARDEN_SLS_ALL), y) +KBUILD_CFLAGS += -mharden-sls=all +endif + + cc_has_k_constraint := $(call try-run,echo \ 'int main(void) { \ asm volatile("and w0, w0, %w0" :: "K" (4294967295)); \ diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 269967c4fc1b..d83c406c81a3 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -121,6 +121,17 @@ choice endchoice + +config CC_HAS_HARDEN_SLS_ALL + def_bool $(cc-option,-mharden-sls=all) + + config HARDEN_SLS_ALL + bool "enable SLS vulnerability hardening" + depends on CC_HAS_HARDEN_SLS_ALL + help + Enables straight-line speculation vulnerability hardening + at highest level. + config GCC_PLUGIN_STRUCTLEAK_VERBOSE bool "Report forcefully initialized variables" depends on GCC_PLUGIN_STRUCTLEAK
This patch adds a config CONFIG_HARDEN_SLS_ALL that can be used to turn on -mharden-sls=all, which mitigates the straight-line speculation vulnerability, or more commonly known as Spectre, Meldown. Notice -mharden-sls= has other options as below, and this config turns on the strongest option. all: enable all mitigations against Straight Line Speculation that are implemented. none: disable all mitigations against Straight Line Speculation. retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions. blr: enable the mitigation against Straight Line Speculation for BLR instructions. Link: https://reviews.llvm.org/D93221 Link: https://reviews.llvm.org/D81404 Link: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation Link: https://crbug.com/1171521 Suggested-by: Manoj Gupta <manojgupta@google.com> Signed-off-by: Jian Cai <jiancai@google.com> --- arch/arm/Makefile | 4 ++++ arch/arm64/Makefile | 5 +++++ security/Kconfig.hardening | 11 +++++++++++ 3 files changed, 20 insertions(+)