[PATCH 1/5] x86: Add -mindirect-branch=
David Woodhouse
dwmw2@infradead.org
Sat Jan 13 09:59:00 GMT 2018
On Fri, 2018-01-12 at 10:57 -0700, Jeff Law wrote:
>
> WRT text relocs, yea that sucks, but if we're going to have user space
> mitigations, then we're likely going to need those relocs so that the
> thunks can be patched out. I'm actually hoping we're not going to need
> user space mitigations for spectre v2 and we can avoid this problem..
As things stand with retpoline in the kernel, userspace processes
aren't protected from each other. The attack mode is complex and
probably fairly unlikely, and we need to get the new microcode support
into the kernel, with the IBPB (flush branch predictor) MSR. And for
the kernel to use it, of course.
In the meantime, it does potentially make sense for sensitive userspace
processes to be compiled this way. Especially if they're going to run
external code (like JavaScript) and attempt to sandbox it — which is
something that IBPB isn't going to solve either.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5213 bytes
Desc: not available
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20180113/26a4fe2d/attachment.bin>
More information about the Gcc-patches
mailing list