This is the mail archive of the
mailing list for the GCC project.
Re: [PATCH 0/5] x86: CVE-2017-5715, aka Spectre
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>
- Cc: gcc-patches at gcc dot gnu dot org
- Date: Mon, 08 Jan 2018 09:27:02 +0100
- Subject: Re: [PATCH 0/5] x86: CVE-2017-5715, aka Spectre
- Authentication-results: sourceware.org; auth=none
- References: <email@example.com>
* H. J. Lu:
> This set of patches for GCC 8 mitigates variant #2 of the
> speculative execution vulnerabilities on x86 processors identified
> by CVE-2017-5715, aka Spectre. They convert indirect branches to
> call and return thunks to avoid speculative execution via indirect
> call and jmp.
Would it make sense to add a mode which relies on an empty return
stack cache? Or will CPUs use the regular branch predictor if the
return stack is empty?
With an empty return stack cache and no branch predictor, a simple
PUSH/RET sequence cannot be predicted, so the complex CALL sequence
with a speculation barrier is not needed.