Google Engineers Propose Adding Linux Kernel Option For ARM SLS Mitigation

Written by Michael Larabel in Arm on 15 February 2021 at 01:00 AM EST. 1 Comment
Made public last year was the Arm Straight Light Speculation (SLS) vulnerability. SLS with ARM hardware can result in speculative executing instructions following an unconditional change in control flow. The Linux kernel may soon have an option for enabling the mitigation of the Arm SLS vulnerability.

Mitigating the Arm Straight Line Speculation vulnerability involves using speculation barrier sequences following vulnerable instructions -- either the Speculation Barrier (SB) instruction or the DSB+ISB instruction sequence. The GCC compiler added its support along with the LLVM Clang compiler handling of this vulnerability in the same manner.

What's being proposed by Google engineers on the kernel side is simply a new Kconfig switch (HARDEN_SLS_ALL) that would flip on the compiler option of "-mharden-sls=all" for supported compilers. Thus the compiled kernel code would be properly mitigated against the straight-line speculation vulnerability for ARM and ARM64/AArch64. This isn't relevant to other architectures. With Google relying on LLVM Clang for building their production and development Linux kernels, that is their focus while -mharden-sls=all is also supported by GCC.

The "-mharden-sls=all" behavior with the modern compilers provide SLS hardening when encountering RETBR and BLR instructions.

The addition for SLS hardening of the Linux kernel via the compiler support is now under review on the kernel mailing list. The Kconfig option is simply defaulting to the strongest SLS "all" behavior so once this patch is mainlined we'll be sure to check for its performance impact and seeing if the HARDEN_SLS_ALL option ends up being widely used by distribution vendors in the name of increased ARM security.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week