Hi all,

 

With Spectre variant 2 (CVE-2017-5715), gcc has been updated to avoid branch prediction problems via the retpoline patch. Specifically, by using either -mindirect-branch=thunk-inline or -mindirect-branch=thunk or -mindirect-branch-thunk-external, the compiler will convert indirect branches and function returns to call and return thunks thus avoiding speculative execution in those cases. Of course, there is a performance penalty depending on the exact argument used. Has anyone compiled uclibc with one of those switches?

 

Take care,

----
John Ata, CISSP

Senior Principal Software Engineer

Electronics Systems

STOP Operating System Software Development

 

T 703-563-8115 | F 703-668-4359 | john.ata@baesystems.com

http://www.baesystems.com/csp
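
One way to check the result of such a build, as an added example that is not part of the original message: a Python script that scans `objdump -d` output for indirect branches left in place. The sample disassembly is constructed and the function name `audit` is hypothetical; the script assumes AT&T syntax and GCC's `__x86_indirect_thunk_<reg>` naming for out-of-line thunks.

```python
import re
import sys

# Constructed sample shaped like `objdump -d` output; not from a real uClibc build.
SAMPLE = """\
Disassembly of section .plt:

0000000000001020 <puts@plt>:
    1020: ff 25 e2 2f 00 00     jmp    *0x2fe2(%rip)        # 4008 <puts>

Disassembly of section .text:

0000000000001140 <dispatch>:
    1140: 48 8b 47 08           mov    0x8(%rdi),%rax
    1144: e8 17 00 00 00        call   1160 <__x86_indirect_thunk_rax>
    1149: c3                    ret

0000000000001150 <legacy_dispatch>:
    1150: ff d0                 call   *%rax
    1152: ff 67 10              jmp    *0x10(%rdi)
"""

SECTION = re.compile(r"^Disassembly of section (\S+):")
SYMBOL = re.compile(r"^[0-9a-f]+ <([^>]+)>:")
# In AT&T syntax an indirect call/jmp has an operand starting with '*'.
INDIRECT = re.compile(r"\b(?:call|jmp)q?\s+\*\S+")
# Branch into a named thunk (thunk / thunk-extern; thunk-inline emits no symbol).
THUNK = re.compile(r"\b(?:call|jmp)q?\s+[0-9a-f]+ <__x86_indirect_thunk_\w+")

def audit(disasm):
    """Return ([(section, symbol, instruction)], thunk_branch_count)."""
    section = symbol = None
    indirect, thunks = [], 0
    for line in disasm.splitlines():
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := SYMBOL.match(line):
            symbol = m.group(1)
        elif THUNK.search(line):
            thunks += 1
        elif m := INDIRECT.search(line):
            indirect.append((section, symbol, " ".join(m.group(0).split())))
    return indirect, thunks

if __name__ == "__main__":
    # Pipe real `objdump -d` output on stdin, or run on a terminal to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    hits, thunks = audit(text)
    print(f"{thunks} thunk branches, {len(hits)} indirect branches remaining")
    for sec, sym, insn in hits:
        print(f"  {sec} <{sym}>: {insn}")
```

The section is reported with each hit because PLT stubs are produced by the linker rather than the compiler, so the `-mindirect-branch` options do not rewrite them; hand-written assembly is likewise untouched.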
