Hi,

Michael Lange wrote:
> compiler that is "retpoline-aware" (as the
> "checker"-script calls it, whatever that means)

The term was coined by Google engineers

  https://support.google.com/faqs/answer/7625886
  "The name “retpoline” is a portmanteau of “return” and “trampoline.”
   It is a trampoline construct constructed using return operations which
   also figuratively ensures that any associated speculative execution
   will “bounce” endlessly.  

   (If it brings you any amusement: imagine speculative execution as an
    overly energetic 7-year old that we must now build a warehouse of
    trampolines around.)"

It is worthwhile to read this early description of Spectre, which they
call "Variant 2" or "CVE-2017-5715".

Retpoline is at first view a useless effort for the CPU, so I guess
a compiler must be kept from optimizing it away.
The goal is to prevent speculative execution of code at addresses
which the attacker seeded into the branch prediction table of the CPU.


Have a nice day :)

Thomas
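
Added example, not part of the message above and not taken from any compiler or kernel: a hand-written retpoline that shows how an indirect jump is replaced by a call/ret pair, so the return predictor sends speculation into a harmless spin loop instead of a branch-predictor-supplied address. The names demo_retpoline_rax, demo_indirect_call and dispatch are hypothetical; it assumes x86-64 Linux with GCC or Clang and falls back to a plain indirect call on other targets.

```c
/* Added illustration: hand-written retpoline for x86-64 Linux (GNU as syntax).
 * demo_retpoline_rax and demo_indirect_call are hypothetical names. */
#include <stdio.h>

long demo_indirect_call(long (*target)(long), long arg);

#if defined(__x86_64__) && defined(__linux__) && defined(__GNUC__)
__asm__(
    ".pushsection .text\n"
    "demo_retpoline_rax:\n"
    "    call 2f\n"             /* push address of label 1 as return address */
    "1:  pause\n"               /* a speculated 'ret' lands here and spins   */
    "    lfence\n"
    "    jmp 1b\n"
    "2:  mov %rax, (%rsp)\n"    /* replace return address with real target   */
    "    ret\n"                 /* architecturally: jump to *%rax            */
    ".globl demo_indirect_call\n"
    ".type demo_indirect_call, @function\n"
    "demo_indirect_call:\n"     /* SysV ABI: rdi = target, rsi = arg         */
    "    mov %rdi, %rax\n"
    "    mov %rsi, %rdi\n"
    "    jmp demo_retpoline_rax\n"  /* used instead of 'jmp *%rax'           */
    ".size demo_indirect_call, .-demo_indirect_call\n"
    ".popsection\n");
#else
/* Other targets: plain indirect call so the example still builds. */
long demo_indirect_call(long (*target)(long), long arg) { return target(arg); }
#endif

static long add_seven(long x) { return x + 7; }
static long negate(long x)    { return -x; }

/* Handler chosen at run time, so the call cannot be resolved statically. */
long dispatch(unsigned op, long arg)
{
    static long (*const handlers[])(long) = { add_seven, negate };
    return demo_indirect_call(handlers[op % 2], arg);
}

int main(void)
{
    printf("%ld %ld\n", dispatch(0, 35), dispatch(1, 42));
    return 0;
}
```

The architectural result is identical to a normal indirect call; only the speculative path differs.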
