This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".


On Mon, Jan 8, 2018 at 10:19 AM, Sriraman Tallam via binutils
<binutils@sourceware.org> wrote:
> Hi Cary,
>
> On Sun, Jan 7, 2018 at 3:14 PM, Cary Coutant <ccoutant@gmail.com> wrote:
>>> We aren't patching linkers just because we can. ;]
>>
>> Chandler, if I didn't know you personally, I'd take offense. Hmm,
>> maybe I took a wee bit of offense, even so. :-) Snark isn't going to
>> get you anywhere; it's more likely to close minds.
>>
>> The details of these vulnerabilities are out there now, and your
>> little circle is much bigger. That means you're now exposed to people
>> with different experiences and possibly more expertise. Even if you've
>> already been down certain paths and answered certain questions, you're
>> going to need to do it again for the rest of us. People on this thread
>> are asking reasonable questions, and if you want help and cooperation,
>> those questions deserve serious answers. Together, we may even come up
>> with better solutions.
>>
>> In particular, I'd like to know your answer to Alan's question about
>> the performance implications of deploying slow shared libraries where
>> not all applications need this mitigation, and the suggestion to just
>> compile secure apps statically. I'd like to know your answer to HJ's
>> suggestion to eliminate the PLT altogether (I have an answer to that,
>> but I'd like to know yours).
>
> Let me try to answer some of these questions since these were
> discussed and considered:
>
> * Plain Static linking is going to be a problem since it does not work
> with PIE + static.  We have investigated using musl libc to enable
> static linking + PIE and we had somebody who was successfully able to
> link the dynamic relocator within a statlic binary to make PIE work
> but it looks like it is going to be quite a while before this can be
> deployed.
> * We are looking at partially statically linking hot memops to remove
> the PLT + ifunc penalty for these calls.  I understand that we may
> still have to rebuild libc.so to use retpoline maybe.
> * Regarding what HJ said, unless I misunderstood, I believe he is
> referring to using fno-plt.  We considered that but the problem is the
> indirect jump still exists, but now at the call site.  The mitigation
> would still be necessary at the call site as it is still exposed to
> the attack.

Not with GCC using -mindirect-branch=thunk -fno-plt.

-- 
H.J.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]