Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 727610 - sys-devel/clang: Straight Line Speculation mitigation for ARMv8 (CVE-2020-13844)
Summary: sys-devel/clang: Straight Line Speculation mitigation for ARMv8 (CVE-2020-13844)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A4 [upstream cve]
Depends on:
Blocks: CVE-2020-13844
  Show dependency tree
Reported: 2020-06-09 01:30 UTC by Sam James
Modified: 2020-06-20 07:34 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-06-09 01:30:16 UTC
Patches have been submitted by ARM to address the new Straight Line Speculation (SLS) vulnerability.

Patch series:

We are (obviously) not expecting maintainers to accept patches before they're accepted upstream, this is just to keep track.

"Please find patches for these mitigations on the below reviews:

1. [AArch64] Fix branch, terminator, etc properties for BRA* instructions.
2. [AArch64] Introduce AArch64SLSHardeningPass, which implements the hardening of RET and BR instructions.
3. [NFC] Refactor ThunkInserter to make it available for all targets.
4. [AArch64] Extend AArch64SLSHardeningPass to harden BLR instructions.
5. Work around GlobalISel limitation on Indirect Thunks.
6. [AArch64] Add clang command line support for -mharden-sls=
7. [AArch64] Avoid incompatibility between SLSBLR mitigation and BTI codegen, by only using X16 and X17 registers for BLRs."
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-06-20 07:34:32 UTC
FWICS the patches are in master now but not in 10.0.x.  Upstream Bugzilla is broken, so I can't check whether they were requested for backporting already.