Re: [PATCH v6] ARM: Implement SLS mitigation
From: Will Deacon <will@kernel.org>
Date: 2021-03-05 09:54:09
Also in:
linux-arm-kernel, lkml
On Thu, Mar 04, 2021 at 04:53:18PM -0800, Jian Cai wrote:
This patch adds CONFIG_HARDEN_SLS_ALL that can be used to turn on -mharden-sls=all, which mitigates the straight-line speculation vulnerability, speculative execution of the instruction following some unconditional jumps. Notice -mharden-sls= has other options as below, and this config turns on the strongest option. all: enable all mitigations against Straight Line Speculation that are implemented. none: disable all mitigations against Straight Line Speculation. retbr: enable the mitigation against Straight Line Speculation for RET and BR instructions. blr: enable the mitigation against Straight Line Speculation for BLR instructions. Links: https://reviews.llvm.org/D93221 https://reviews.llvm.org/D81404 https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions#SLS2 Suggested-by: Manoj Gupta <redacted> Suggested-by: Nick Desaulniers <ndesaulniers@google.com> Suggested-by: Nathan Chancellor <nathan@kernel.org> Suggested-by: David Laight <redacted> Suggested-by: Will Deacon <will@kernel.org>
I'm still reasonably opposed to this patch, so please don't add my "Suggested-by" here as, if I were to suggest anything, it would be not to apply this patch :) I still don't see why SLS is worth a compiler mitigation which will affect all CPUs that run the kernel binary, but Spectre-v1 is not. In other words, the big thing missing from this is a justification as to why SLS is a problem worth working around for general C code. Will