This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".


On 01/05/2018 06:51 PM, Sriraman Tallam wrote:
>> If we think this is a problem that needs to be fixed, we should remove the
>> indirect call altogether, and have the dynamic linker generate a direct call
>> at load time.  There are few constraints associated with that (4 GiB total
>> application + DSO size, some SELinux users will be unhappy, lack of lazy
>> binding support), but at least it can be turned on in practice.
>
> How practical is this really for 64-bit address space where libc is
> not mapped close to the binary?

libc can be mapped anywhere. The dynamic loader does that, not the kernel, so the placement is really up to the loader. What you cannot do is place the dynamic loader itself close to the rest of the program binaries because the kernel loads both the program and the dynamic loader (the latter as the program interpreter). But references to the loader are rare and could still be handled with redirection through libc.

Thanks,
Florian
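The "4 GiB total application + DSO size" constraint above comes from the x86-64 direct `call` encoding, whose rel32 displacement reaches only +-2 GiB from the call site. The following added example (not code from the thread or from gold/glibc) shows the check a load-time "indirect to direct" rewrite would have to make, using constructed addresses for a PIE call site, a libc at the kernel's default mmap placement far away, and a libc the loader has placed right above the executable.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 direct CALL is opcode E8 followed by a signed 32-bit displacement
   measured from the end of the 5-byte instruction. That rel32 is why a
   load-time "indirect -> direct" rewrite needs code and targets within +-2 GiB. */
#define CALL_LEN 5

/* Encode `call target` at address `site`. Returns true and fills out[5]
   when `target` is within rel32 reach, false when the loader would have
   to keep the indirect call. Assumes two's-complement int64 conversion. */
bool encode_direct_call(uint64_t site, uint64_t target, uint8_t out[CALL_LEN])
{
    int64_t disp = (int64_t)(target - (site + CALL_LEN));
    if (disp < INT32_MIN || disp > INT32_MAX)
        return false;
    uint32_t d = (uint32_t)(int32_t)disp;
    out[0] = 0xE8;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(d >> (8 * i));   /* little-endian rel32 */
    return true;
}

/* Recover the call target from an encoded direct call (for verification). */
uint64_t decode_direct_call(uint64_t site, const uint8_t in[CALL_LEN])
{
    uint32_t d = 0;
    for (int i = 0; i < 4; i++)
        d |= (uint32_t)in[1 + i] << (8 * i);
    return site + CALL_LEN + (int64_t)(int32_t)d;
}

int main(void)
{
    uint8_t buf[CALL_LEN];
    /* Constructed addresses: a PIE call site and a libc symbol at the
       kernel's default mmap placement, tens of TiB apart. */
    uint64_t site = 0x555555555a00ULL, libc_far = 0x7ffff7e1c000ULL;
    /* The same symbol if the loader had mapped libc right above the executable. */
    uint64_t libc_near = 0x555555700000ULL;
    printf("far libc reachable:  %s\n", encode_direct_call(site, libc_far, buf) ? "yes" : "no");
    printf("near libc reachable: %s\n", encode_direct_call(site, libc_near, buf) ? "yes" : "no");
    return 0;
}
```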

