This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH 0/5] x86: CVE-2017-5715, aka Spectre

From: David Woodhouse <dwmw2 at infradead dot org>
To: Florian Weimer <fw at deneb dot enyo dot de>, "H.J. Lu" <hjl dot tools at gmail dot com>
Cc: gcc-patches at gcc dot gnu dot org
Date: Mon, 08 Jan 2018 20:43:28 +0000
Subject: Re: [PATCH 0/5] x86: CVE-2017-5715, aka Spectre
Authentication-results: sourceware.org; auth=none
References: <20180107225904.11535-1-hjl.tools@gmail.com> <87zi5o92nd.fsf@mid.deneb.enyo.de>

On Mon, 2018-01-08 at 09:27 +0100, Florian Weimer wrote:
> * H. J. Lu:
> 
> > 
> > This set of patches for GCC 8 mitigates variant #2 of the
> > speculative execution vulnerabilities on x86 processors identified
> > by CVE-2017-5715, aka Spectre.  They convert indirect branches to
> > call and return thunks to avoid speculative execution via indirect
> > call and jmp.
> Would it make sense to add a mode which relies on an empty return
> stack cache?  Or will CPUs use the regular branch predictor if the
> return stack is empty?
> 
> With an empty return stack cache and no branch predictor, a simple
> PUSH/RET sequence cannot be predicted, so the complex CALL sequence
> with a speculation barrier is not needed.

Some CPUs will use the regular branch predictor if the RSB is empty.
Others just round-robin the RSB and will use the *oldest* entry if they
underflow.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

References:
- [PATCH 0/5] x86: CVE-2017-5715, aka Spectre
  - From: H.J. Lu
- Re: [PATCH 0/5] x86: CVE-2017-5715, aka Spectre
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]