diff options
author | Peter Zijlstra <peterz@infradead.org> | 2021-12-04 16:43:44 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-07-25 12:26:30 +0300 |
commit | e9925a4584dc2dd1a5eb4ffc44cd42bb1117a797 (patch) | |
tree | 6d616091f1e843a5bbc44db58e5c992422b40ba6 /arch/x86/Kconfig | |
parent | 0f8532c2837793acdaa07c6b47fda0bf1fa61f40 (diff) | |
download | linux-e9925a4584dc2dd1a5eb4ffc44cd42bb1117a797.tar.xz |
x86: Add straight-line-speculation mitigation
commit e463a09af2f0677b9485a7e8e4e70b396b2ffb6f upstream.
Make use of an upcoming GCC feature to mitigate
straight-line-speculation for x86:
https://gcc.gnu.org/g:53a643f8568067d7700a9f2facc8ba39974973d3
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102952
https://bugs.llvm.org/show_bug.cgi?id=52323
It's built tested on x86_64-allyesconfig using GCC-12 and GCC-11.
Maintenance overhead of this should be fairly low due to objtool
validation.
Size overhead of all these additional int3 instructions comes to:
text data bss dec hex filename
22267751 6933356 2011368 31212475 1dc43bb defconfig-build/vmlinux
22804126 6933356 1470696 31208178 1dc32f2 defconfig-build/vmlinux.sls
Or roughly 2.4% additional text.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20211204134908.140103474@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[bwh: Backported to 5.10:
- In scripts/Makefile.build, add the objtool option with an ifdef
block, same as for other options
- Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'arch/x86/Kconfig')
-rw-r--r-- | arch/x86/Kconfig | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index ed713840d469..68d46a648f6e 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -462,6 +462,18 @@ config RETPOLINE branches. Requires a compiler with -mindirect-branch=thunk-extern support for full protection. The kernel may run slower. +config CC_HAS_SLS + def_bool $(cc-option,-mharden-sls=all) + +config SLS + bool "Mitigate Straight-Line-Speculation" + depends on CC_HAS_SLS && X86_64 + default n + help + Compile the kernel with straight-line-speculation options to guard + against straight line speculation. The kernel image might be slightly + larger. + config X86_CPU_RESCTRL bool "x86 CPU resource control support" depends on X86 && (CPU_SUP_INTEL || CPU_SUP_AMD) |