On 02/08/2018 12:33 PM, Richard Biener wrote:
> On Wed, Feb 7, 2018 at 1:01 PM, Andreas Krebbel
> <kreb...@linux.vnet.ibm.com> wrote:
>> This patch implements GCC support for mitigating vulnerability
>> CVE-2017-5715 known as Spectre #2 on IBM Z.
>>
>> In order to disable prediction of indirect branches the implementation
>> makes use of an IBM Z specific feature - the execute instruction.
>> Performing an indirect branch via execute prevents the branch from
>> being subject to dynamic branch prediction.
>>
>> The implementation tries to stay close to the x86 solution regarding
>> user interface.
>>
>> x86 style options supported (without thunk-inline):
>>
>> -mindirect-branch=(keep|thunk|thunk-extern)
>> -mfunction-return=(keep|thunk|thunk-extern)
>>
>> IBM Z specific options:
>>
>> -mindirect-branch-jump=(keep|thunk|thunk-extern|thunk-inline)
>> -mindirect-branch-call=(keep|thunk|thunk-extern)
>> -mfunction-return-reg=(keep|thunk|thunk-extern)
>> -mfunction-return-mem=(keep|thunk|thunk-extern)
>>
>> These options allow us to enable/disable the branch conversion at a
>> finer granularity.
>>
>> -mindirect-branch sets the value of -mindirect-branch-jump and
>> -mindirect-branch-call.
>>
>> -mfunction-return sets the value of -mfunction-return-reg and
>> -mfunction-return-mem.
>>
>> All these options are supported on GCC command line as well as
>> function attributes.
>>
>> 'thunk' triggers the generation of out of line thunks (expolines) and
>> replaces the formerly indirect branch with a direct branch to the
>> thunk. Depending on the -march= setting two different types of thunks
>> are generated. With -march=z10 or higher exrl (execute relative long)
>> is being used while targeting older machines makes use of larl/ex
>> instead. From a security perspective the exrl variant is preferable.
>>
>> 'thunk-extern' does the branch replacement like 'thunk' but does not
>> emit the thunks.
>>
>> 'thunk-inline' is only available for indirect jumps. It should be used
>> in environments where correct CFI is important - known as user space.
>>
>> Additionally the patch introduces the -mindirect-branch-table option
>> which generates tables pointing to the locations which have been
>> modified. This is supposed to allow reverting the changes without
>> re-compilation in situations where it isn't required. The sections are
>> split up into one section per option.
>>
>> I plan to commit the patch tomorrow.
>
> Do you also plan to backport this to the GCC 7 branch?

Yes, I'm working on it.

-Andreas-