Hey Jeff, from what I understand when it comes to Spectre, it needs mitigations at the assembly level (I think it needs an lfence instruction in front of vulnerable branch instructions).
When it comes to compilation with inline or "external" assembly, I *think* the compiler just takes the assembly and copies it into the appropriate location during assembly-generation, skipping all the optimization and analysis steps of the compiler. Then the compiler generated assembly (which had the anti-spectre analysis pass) with the hand-written assembly are handed to the assembler to generate machine-code. I have confirmation that the above interpretation is roughly what clang / gcc do. MSVC on the other hand seems to indeed work with inline assembly (though this is 32-bit only) and may actually apply anti-spectre mitigations (of course, MSVC's anti-spectre function has been proven ineffective for now [1]) If this interpretation of how the compiler handles external assembly is correct, then we'd have to provide our own Spectre and Meltdown mitigations for our assembly code. Of course, I don't know exactly what extra instructions are needed at what locations. BR JPM [1]: https://www.paulkocher.com/doc/MicrosoftCompilerSpectreMitigation.html Am 24.02.2018 um 19:00 schrieb Jeffrey Walton: > Hi Everyone, > > We released Crypto++ 6.0 and 6.1 without Specter remediations in > place. We documented the fact in the README so folks know the risk > exists. > > The GCC patches have started hitting and we got a look at regular > versus Specter-hardened code. Here's what it looks like on my 3.0 GHz > Core i5 Skylake (6th gen)... > > * Does not affect ASM or intrinsics much. > - Does this mean they are still vulnerable? > * Does affect some C++ algorithms. > - When affected, effects are more pronounced > > Example, CRC-32, C++: > > * Non-Specter: 494 MiB/s, 5.79 cpb > * Specter hardened: 494 MiB/s, 5.79 cpb > > Example, CRC-32C, SSE4: > > * Non-Specter: 4164 MiB/s, 0.69 cpb > * Specter hardened: 4131 MiB/s, 0.69 cpb > > Example, MT19337, C++: > > * Non-Specter: 902 MiB/s, 3.17 cpb > * Specter hardened: 256 MiB/s, 11.20 cpb > > Example, AES-128/CTR, AES-NI: > > * Non-Specter: 4438 MiB/s, 0.64 cpb > * Specter hardened: 3291 MiB/s, 0.87 cpb > > Example, Speck-128/CTR, SSE4: > > * Non-Specter: 1161 MiB/s, 2.46 cpb > * Specter hardened: 1090 MiB/s, 2.63 cpb > > Jeff > -- You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
