[PATCH v4] ARM: Implement SLS mitigation
David Laight
David.Laight at ACULAB.COM
Wed Mar 3 15:29:37 UTC 2021
From: Linus Walleij
> Sent: 03 March 2021 15:19
>
> On Tue, Feb 23, 2021 at 11:05 AM Will Deacon <will at kernel.org> wrote:
> > On Mon, Feb 22, 2021 at 01:50:06PM -0800, Jian Cai wrote:
> > > I am not sure if there are any plans to protect assembly code and I
> > > will leave it to the Arm folks since they know a whole lot better. But
> > > even without that part, we should still have better protection,
> > > especially when overhead does not look too bad: I did some preliminary
> > > experiments on ChromeOS, code size of vmlinux increased 3%, and there
> > > were no noticeable changes to run-time performance of the benchmarks I
> > > used.
> >
> > If the mitigation is required, I'm not sure I see a lot of point in only
> > doing a half-baked job of it. It feels a bit like a box-ticking exercise,
> > in which case any overhead is too much.
>
> I wrote some suggestions on follow-ups in my reply, and I can
> help out doing some of the patches, I think.
>
> Since ARM32 RET is mov pc, <>
> git grep 'mov.*pc,' | wc -l gives 93 sites in arch/arm.
> I suppose these need to come out:
>
> mov pc, lr
> dsb(nsh);
> isb();
Won't that go horribly wrong for conditional returns?
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
More information about the Linux-security-module-archive
mailing list