Flags for mitigating straight line speculation · Issue #869 · rust-lang/compiler-team (original) (raw)
Proposal
Add a new flag -Zharden-sls=[none|all|return|indirect-jmp] to mitigate against straight line speculation (SLS).
The flag is implemented by enabling the LLVM target modifiers +harden-sls-ijmp or +harden-sls-ret.
The naming of this flag and its options are what both clang and gcc use. The Linux kernel uses the configuration -mharden-sls=all.
I suggest that the flags should utilize the target modifier infrastructure to prevent mixing compilation units with and without the flags because such misuse breaks the mitigation. However, the flag to opt-out from this check does not necessarily need the word "unsafe" because it's not actually part of the ABI.
These flags are added with the intent of later stabilizing them, hence this MCP.
The Rust issue for this feature is rust-lang/rust#116851.
Process
The main points of the Major Change Process are as follows:
- File an issue describing the proposal.
- A compiler team member or contributor who is knowledgeable in the area can second by writing
@rustbot second.- Finding a "second" suffices for internal changes. If however, you are proposing a new public-facing feature, such as a
-C flag, then full team check-off is required. - Compiler team members can initiate a check-off via
@rfcbot fcp mergeon either the MCP or the PR.
- Finding a "second" suffices for internal changes. If however, you are proposing a new public-facing feature, such as a
- Once an MCP is seconded, the Final Comment Period begins. If no objections are raised after 10 days, the MCP is considered approved.
You can read more about Major Change Proposals on forge.