Google Engineers Propose Adding Linux Kernel Option For ARM SLS Mitigation

Written by Michael Larabel in Arm on 15 February 2021 at 01:00 AM EST. 1 Comment
ARM
Made public last year was the Arm Straight Light Speculation (SLS) vulnerability. SLS with ARM hardware can result in speculative executing instructions following an unconditional change in control flow. The Linux kernel may soon have an option for enabling the mitigation of the Arm SLS vulnerability.

Mitigating the Arm Straight Line Speculation vulnerability involves using speculation barrier sequences following vulnerable instructions -- either the Speculation Barrier (SB) instruction or the DSB+ISB instruction sequence. The GCC compiler added its support along with the LLVM Clang compiler handling of this vulnerability in the same manner.

What's being proposed by Google engineers on the kernel side is simply a new Kconfig switch (HARDEN_SLS_ALL) that would flip on the compiler option of "-mharden-sls=all" for supported compilers. Thus the compiled kernel code would be properly mitigated against the straight-line speculation vulnerability for ARM and ARM64/AArch64. This isn't relevant to other architectures. With Google relying on LLVM Clang for building their production and development Linux kernels, that is their focus while -mharden-sls=all is also supported by GCC.

The "-mharden-sls=all" behavior with the modern compilers provide SLS hardening when encountering RETBR and BLR instructions.

The addition for SLS hardening of the Linux kernel via the compiler support is now under review on the kernel mailing list. The Kconfig option is simply defaulting to the strongest SLS "all" behavior so once this patch is mainlined we'll be sure to check for its performance impact and seeing if the HARDEN_SLS_ALL option ends up being widely used by distribution vendors in the name of increased ARM security.
1 Comment
Related News
Linux 6.13 For ARM64 Brings GCS Support & Protected VMs With Arm CCA
Nice Performance Gains With SVT-AV1 2.3 Encoding On The System76 Thelio Astra
Snapdragon X1 Elite CPUFreq Support Revised In Latest Linux Patches
Linux Support Continues For The Now-Canceled Snapdragon X Elite Dev Kit For Windows
ARM64 SMT Control Patches Updated For The Linux Kernel
Arm's Guarded Control Stack "GCS" Support Looks Like It Will Be Ready For Linux 6.13
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features