HI;
On Mi, 2018-04-04 at 19:49 +0200, Waldemar Brodkorb wrote:
Hi, Ata, John (US) wrote,
Hi all,
With Spectre variant 2 (CVE-2017-5715), gcc has been updated to avoid branch prediction problems via the retpoline patch. Specifically, by using either – mindirect-branch=thunk-inline or –mindirect-branch=thunk or –mindirect-branch- thunk-external, the compiler will convert indirect branches and function returns to call and return thunks thus avoiding speculative execution in those cases. Of course, there is a performance penalty depending on the exact argument used. Has anyone compiled uclibc with one of those switches?
I didn't tried it, yet. You might be the first :)
I did with standard compiler settings (gcc 7.3.0 and gcc 5.5 with patches) and got
Mitigation: Full AMD retpoline
on a PC Engines APU2 compared without gcc 5 patch:
Vulnerable: Minimal AMD ASM retpoline
Any issues seen with that?
Running it for a few weeks. Observed some hickups after a few running the uclibc-ng machine with gcc5-based toolchain for WIFI, but not shure if it's related to the Spectre2 mitgation.
regards kp
best regards Waldemar _______________________________________________ devel mailing list devel@uclibc-ng.org https://mailman.uclibc-ng.org/cgi-bin/mailman/listinfo/devel