[PATCH v4] ARM: Implement SLS mitigation
Russell King - ARM Linux admin
linux at armlinux.org.uk
Sun Feb 21 10:13:17 UTC 2021
On Fri, Feb 19, 2021 at 03:08:13PM -0800, Jian Cai wrote:
> diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
> index 269967c4fc1b..146b75a79d9e 100644
> --- a/security/Kconfig.hardening
> +++ b/security/Kconfig.hardening
> @@ -121,6 +121,16 @@ choice
> +config HARDEN_SLS_ALL
> + bool "enable SLS vulnerability hardening"
> + default n
Please get rid of this useless "default n"
> + depends on $(cc-option,-mharden-sls=all)
> + help
> + Enables straight-line speculation vulnerability hardening on ARM and ARM64
> + architectures. It inserts speculation barrier sequences (SB or DSB+ISB
> + depending on the target architecture) after RET and BR, and replacing
> + BLR with BL+BR sequence.
Given that this is in an architecture independent Kconfig file, and it
detects support in CC for this feature, why should this help text be
written to be specific to a couple of architectures? Will this feature
only ever be available on these two architectures? What if someone adds
support for another architecture?
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
More information about the Linux-security-module-archive