[PATCH] D41723: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715, "Branch Target Injection", and is one of the two halves to Spectre..

[Chandler Carruth via llvm-commits]

On Thu, Jan 4, 2018 at 10:02 AM Tom Stellard via Phabricator via
llvm-commits <llvm-commits at lists.llvm.org> wrote:

> tstellar added a comment.
>
> Also,  does this mitigation require the use of lld or is there a way to
> make this work with gnu ld ?
>

*IF* you are mitigating a dynamically linked executable of some kind, and
thus have PLT-based indirect dispatch between images (even if it is just
between the loader and your executable), then you need some linker support.

This patch provides LLD support. We've also developed a Gold patch and that
should be out for review today, and backported. I'm hopeful Intel or others
will develop BFD-based GNU ld patches as well. Any of these will be
sufficient.

However I want to reiterate something that may have been lost: we expect
this use case to be even more rare than generic use cases for retpoline.

The software systems which need this mitigation are most often OS kernels,
hypervisors, drivers, etc. Things that execute with elevated privileges but
in conjunction with userspace, potentially untrusted code. Much of this
software will have no PLT and no need for the linker support.

We're providing the linker support to cover the case where there is an
unusually privileged userspace application that needs to be secured.


>
>
> https://reviews.llvm.org/D41723
>
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180104/166ce292/attachment.html>