This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH 00/11] (v2) Mitigation against unsafe data speculation (CVE-2017-5753)
- From: "Richard Earnshaw (lists)" <Richard dot Earnshaw at arm dot com>
- To: John David Anglin <dave dot anglin at bell dot net>, Jeff Law <law at redhat dot com>
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>
- Date: Fri, 3 Aug 2018 10:06:40 +0100
- References: <1531154299-28349-1-git-send-email-Richard.Earnshaw@arm.com> <1532684275-13041-1-git-send-email-Richard.Earnshaw@arm.com> <b2f0984c-87a5-ac35-ca35-f9e067bbc445@bell.net> <26e2cb56-8a62-8f09-adfc-8d9e7c9fe6ec@redhat.com> <1ed6a085-faf7-cfc0-af4a-7d4de8aeab46@bell.net>
On 02/08/18 21:19, John David Anglin wrote:
> On 2018-08-02 2:40 PM, Jeff Law wrote:
>> It's been eons. I think there's enough building blocks on the PA to
>> mount a spectre v1 attack. They've got branch prediction with varying
>> degrees of speculative execution, caches and user accessible cycle
>> timers.
> Yes.
>>
>> There's varying degrees of out of order execution all the way back in
>> the PA7xxx processors (hit-under-miss) to full o-o-o execution in the
>> PA8xxx series (including the PA8900 that's in the rp3440).
> However, as far as I know, loads and stores are always ordered.
>>
>> I suspect that given enough time we could figure out why the test didn't
>> indicate spectre v1 vulnerability on your system and twiddle it, but
>> given it's a dead processor, I doubt it's worth the effort.
> Spectre output looks like this:
> dave@mx3210:~/meltdown$ ./spectre
> Reading 40 bytes:
> Reading at malicious_x = 0xffffef10... Unclear: 0xFE='?' score=999
> (second best: 0xFC score=999)
> Reading at malicious_x = 0xffffef11... Unclear: 0xFC='?' score=999
> (second best: 0xFB score=999)
> Reading at malicious_x = 0xffffef12... Unclear: 0xFE='?' score=999
> (second best: 0xFC score=999)
>
> I don't think there's a suitable barrier. The sync instruction seems
> like overkill.
>
> So, I'm going to install attached change after testing is complete.
>
It's your call as port maintainers.
I've created a PR for each unfixed architecture. Please can you commit
the patch against that so that I can track things for back-porting.
Thanks,
R.
> Dave
>
>
> pa-spectre.d
>
>
> Index: config/pa/pa.c
> ===================================================================
> --- config/pa/pa.c (revision 263228)
> +++ config/pa/pa.c (working copy)
> @@ -428,6 +428,9 @@
> #undef TARGET_STARTING_FRAME_OFFSET
> #define TARGET_STARTING_FRAME_OFFSET pa_starting_frame_offset
>
> +#undef TARGET_HAVE_SPECULATION_SAFE_VALUE
> +#define TARGET_HAVE_SPECULATION_SAFE_VALUE speculation_safe_value_not_needed
> +
> struct gcc_target targetm = TARGET_INITIALIZER;
>
> /* Parse the -mfixed-range= option string. */
>
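Review bot: The added `#define TARGET_HAVE_SPECULATION_SAFE_VALUE speculation_safe_value_not_needed`, placed just before `struct gcc_target targetm = TARGET_INITIALIZER;`, has no comment recording why the PA port is treated as needing no speculation barrier. The only justification is in this thread: the spectre test printed "Unclear" results with tied scores, no suitable barrier was identified, and `sync` was judged overkill, while Jeff Law's view in the same thread is that the PA has enough building blocks to mount a Spectre v1 attack. A short comment above the define stating that rationale and naming the tracking PR would let whoever revisits or back-ports the change see that this was a deliberate choice and not a demonstrated absence of the problem.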