This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: GCC and Meltdown and Spectre vulnerabilities

From: Zan Lynx <zlynx at acm dot org>
To: gcc at gcc dot gnu dot org,Eric Gallager <egall at gwmail dot gwu dot edu>
Date: Thu, 04 Jan 2018 20:14:48 -0700
Subject: Re: GCC and Meltdown and Spectre vulnerabilities
Authentication-results: sourceware.org; auth=none
References: <CAMfHzOtmtS9JcbXz0S4PF+ecpCL7nFa=6nLR56S7AY-jMazyYQ@mail.gmail.com>

On January 4, 2018 8:10:14 PM MST, Eric Gallager <egall@gwmail.gwu.edu> wrote:
>Is there anything GCC could be doing at the compiler level to mitigate
>the recently-announced Meltdown and Spectre vulnerabilities? From
>reading about them, it seems like they involve speculative execution
>and indirect branch prediction, and those are the domain of things the
>compiler deals with, right? (For reference, Meltdown is CVE-2017-5754,
>and Spectre is CVE-2017-5753 and CVE-2017-5715)
>
>Just wondering,
>Eric

If you're allowing people to run untrustworthy machine code on your hardware there's nothing a compiler can do to help. You'd need to make them use your compiler, and why would they?

So anyone offering shell accounts or virtual machines is out of luck.

Follow-Ups:
- Re: GCC and Meltdown and Spectre vulnerabilities
  - From: Ian Lance Taylor via gcc

References:
- GCC and Meltdown and Spectre vulnerabilities
  - From: Eric Gallager

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]