| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+SOCLLo2MdxCH3gFONHsKdvmGGm2vZuML9QdQfWuX2--qFEOA@mail.gmail.com>
Date: Tue, 9 Mar 2021 20:43:28 -0800
From: Jian Cai <jiancai@...gle.com>
To: Linus Walleij <linus.walleij@...aro.org>
Cc: Nick Desaulniers <ndesaulniers@...gle.com>,
Manoj Gupta <manojgupta@...gle.com>,
Luis Lozano <llozano@...gle.com>,
clang-built-linux <clang-built-linux@...glegroups.com>,
Nathan Chancellor <nathan@...nel.org>,
David Laight <David.Laight@...lab.com>,
Will Deacon <will@...nel.org>,
Russell King <rmk+kernel@...linux.org.uk>,
Russell King <linux@...linux.org.uk>,
Catalin Marinas <catalin.marinas@....com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Arnd Bergmann <arnd@...db.de>,
Masahiro Yamada <masahiroy@...nel.org>,
Krzysztof Kozlowski <krzk@...nel.org>,
Marc Zyngier <maz@...nel.org>,
Kees Cook <keescook@...omium.org>,
Andreas Färber <afaerber@...e.de>,
Ard Biesheuvel <ardb@...nel.org>,
Ingo Molnar <mingo@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Mike Rapoport <rppt@...nel.org>,
Mark Rutland <mark.rutland@....com>,
David Brazdil <dbrazdil@...gle.com>,
James Morse <james.morse@....com>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
linux-security-module@...r.kernel.org
Subject: Re: [PATCH v5] ARM: Implement SLS mitigation
On Sat, Mar 6, 2021 at 4:25 AM Linus Walleij <linus.walleij@...aro.org> wrote:
>
> On Fri, Mar 5, 2021 at 12:23 AM Jian Cai <jiancai@...gle.com> wrote:
> > On Wed, Mar 3, 2021 at 7:04 AM Linus Walleij <linus.walleij@...aro.org> wrote:
> > >
> > > On Tue, Feb 23, 2021 at 3:36 AM Jian Cai <jiancai@...gle.com> wrote:
> > >
> > > > This patch adds CONFIG_HARDEN_SLS_ALL that can be used to turn on
> > > > -mharden-sls=all, which mitigates the straight-line speculation
> > > > vulnerability, speculative execution of the instruction following some
> > > > unconditional jumps. Notice -mharden-sls= has other options as below,
> > > > and this config turns on the strongest option.
> > > >
> > > > all: enable all mitigations against Straight Line Speculation that are implemented.
> > > > none: disable all mitigations against Straight Line Speculation.
> > > > retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions.
> > > > blr: enable the mitigation against Straight Line Speculation for BLR instructions.
> > >
> > > I heard about compiler protection for this, so nice to see it happening!
> > >
> > > Would you happen to know if there is any plan to do the same for GCC?
> > > I know you folks at Google like LLVM, but if you know let us know.
> >
> > I think gcc also has these options.
> > https://gcc.gnu.org/onlinedocs/gcc/AArch64-Options.html
>
> And how does that work with this part of your patch:
>
> +#define SLS_TEXT \
> + ALIGN_FUNCTION(); \
> + *(.text.__llvm_slsblr_thunk_*)
>
> This does not look compiler agnostic?
>
You are right, GCC does generate different oraphan section names. I
will address it in the next version of the patch. Also it seems only
arm64 gcc supports -mharden-sls=* at this moment, arm32 gcc does not
support it yet. I don't know if there is any plan to implement it for
32-bit gcc, but should we patch arm32 linker script preemptively,
assuming the sections will be named with the same pattern like how
clang does so the kernel would not fail to boot when the flag is
implemented?
Thanks,
Jian
> Yours,
> Linus Walleij
Powered by blists - more mailing lists