Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 727610 - sys-devel/clang: Straight Line Speculation mitigation for ARMv8 (CVE-2020-13844)
Summary: sys-devel/clang: Straight Line Speculation mitigation for ARMv8 (CVE-2020-13844)
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://lists.llvm.org/pipermail/llvm...
Whiteboard: A4 [glsa? cve]
Keywords:
Depends on:
Blocks: CVE-2020-13844
  Show dependency tree
 
Reported: 2020-06-09 01:30 UTC by Sam James
Modified: 2021-11-11 17:00 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-06-09 01:30:16 UTC
Patches have been submitted by ARM to address the new Straight Line Speculation (SLS) vulnerability.

Patch series: https://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html

We are (obviously) not expecting maintainers to accept patches before they're accepted upstream, this is just to keep track.

"Please find patches for these mitigations on the below reviews:

1. https://reviews.llvm.org/D81399: [AArch64] Fix branch, terminator, etc properties for BRA* instructions.
2. https://reviews.llvm.org/D81400: [AArch64] Introduce AArch64SLSHardeningPass, which implements the hardening of RET and BR instructions.
3. https://reviews.llvm.org/D81401: [NFC] Refactor ThunkInserter to make it available for all targets.
4. https://reviews.llvm.org/D81402: [AArch64] Extend AArch64SLSHardeningPass to harden BLR instructions.
5. https://reviews.llvm.org/D81403: Work around GlobalISel limitation on Indirect Thunks.
6. https://reviews.llvm.org/D81404: [AArch64] Add clang command line support for -mharden-sls=
7. https://reviews.llvm.org/D81405: [AArch64] Avoid incompatibility between SLSBLR mitigation and BTI codegen, by only using X16 and X17 registers for BLRs."
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-06-20 07:34:32 UTC
FWICS the patches are in master now but not in 10.0.x.  Upstream Bugzilla is broken, so I can't check whether they were requested for backporting already.
Comment 2 John Helmert III gentoo-dev Security 2021-11-11 17:00:21 UTC
(In reply to Sam James from comment #0)
> Patches have been submitted by ARM to address the new Straight Line
> Speculation (SLS) vulnerability.
> 
> Patch series: https://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html
> 
> We are (obviously) not expecting maintainers to accept patches before
> they're accepted upstream, this is just to keep track.
> 
> "Please find patches for these mitigations on the below reviews:
> 
> 1. https://reviews.llvm.org/D81399: [AArch64] Fix branch, terminator, etc
> properties for BRA* instructions.
> 2. https://reviews.llvm.org/D81400: [AArch64] Introduce
> AArch64SLSHardeningPass, which implements the hardening of RET and BR
> instructions.
> 3. https://reviews.llvm.org/D81401: [NFC] Refactor ThunkInserter to make it
> available for all targets.
> 4. https://reviews.llvm.org/D81402: [AArch64] Extend AArch64SLSHardeningPass
> to harden BLR instructions.
> 5. https://reviews.llvm.org/D81403: Work around GlobalISel limitation on
> Indirect Thunks.
> 6. https://reviews.llvm.org/D81404: [AArch64] Add clang command line support
> for -mharden-sls=
> 7. https://reviews.llvm.org/D81405: [AArch64] Avoid incompatibility between
> SLSBLR mitigation and BTI codegen, by only using X16 and X17 registers for
> BLRs."

All of these are in clang-11.0.0 and onward.