Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 727610 - sys-devel/clang: Straight Line Speculation mitigation for ARMv8 (CVE-2020-13844)
Summary: sys-devel/clang: Straight Line Speculation mitigation for ARMv8 (CVE-2020-13844)
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://lists.llvm.org/pipermail/llvm...
Whiteboard: A4 [upstream cve]
Keywords:
Depends on:
Blocks: CVE-2020-13844
  Show dependency tree
 
Reported: 2020-06-09 01:30 UTC by Sam James
Modified: 2020-06-20 07:34 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-06-09 01:30:16 UTC
Patches have been submitted by ARM to address the new Straight Line Speculation (SLS) vulnerability.

Patch series: https://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html

We are (obviously) not expecting maintainers to accept patches before they're accepted upstream, this is just to keep track.

"Please find patches for these mitigations on the below reviews:

1. https://reviews.llvm.org/D81399: [AArch64] Fix branch, terminator, etc properties for BRA* instructions.
2. https://reviews.llvm.org/D81400: [AArch64] Introduce AArch64SLSHardeningPass, which implements the hardening of RET and BR instructions.
3. https://reviews.llvm.org/D81401: [NFC] Refactor ThunkInserter to make it available for all targets.
4. https://reviews.llvm.org/D81402: [AArch64] Extend AArch64SLSHardeningPass to harden BLR instructions.
5. https://reviews.llvm.org/D81403: Work around GlobalISel limitation on Indirect Thunks.
6. https://reviews.llvm.org/D81404: [AArch64] Add clang command line support for -mharden-sls=
7. https://reviews.llvm.org/D81405: [AArch64] Avoid incompatibility between SLSBLR mitigation and BTI codegen, by only using X16 and X17 registers for BLRs."
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-06-20 07:34:32 UTC
FWICS the patches are in master now but not in 10.0.x.  Upstream Bugzilla is broken, so I can't check whether they were requested for backporting already.