This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- From: Cary Coutant <ccoutant at gmail dot com>
- To: Sriraman Tallam <tmsriram at google dot com>
- Cc: Chandler Carruth <chandlerc at google dot com>, Florian Weimer <fweimer at redhat dot com>, binutils <binutils at sourceware dot org>, Reid Kleckner <rnk at google dot com>, Eric Christopher <echristo at google dot com>, Rui Ueyama <ruiu at google dot com>, Brooks Moses <bmoses at google dot com>, Sidney Hummert <shummert at google dot com>, Xinliang David Li <davidxl at google dot com>
- Date: Mon, 8 Jan 2018 12:11:57 -0800
- Subject: Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
> * Plain Static linking is going to be a problem since it does not work
> with PIE + static. We have investigated using musl libc to enable
> static linking + PIE and we had somebody who was successfully able to
> link the dynamic relocator within a static binary to make PIE work
> but it looks like it is going to be quite a while before this can be
> deployed.
We're not necessarily talking about fully-static linking in the sense
of -static -- a "mostly-static" executable with the degenerate case of
no shared libraries can give you a PIE executable that uses the
dynamic loader for its relocation, but with no PLT entries.
> * We are looking at partially statically linking hot memops to remove
> the PLT + ifunc penalty for these calls. I understand that we may
> still have to rebuild libc.so to use retpoline maybe.
> * Regarding what HJ said, unless I misunderstood, I believe he is
> referring to using -fno-plt. We considered that but the problem is the
> indirect jump still exists, but now at the call site. The mitigation
> would still be necessary at the call site as it is still exposed to
> the attack.
GCC's -mindirect-branch=thunk or LLVM's -mretpoline option should take
care of those indirect jumps.
> This is based on my limited understanding of the vulnerabilities and
> the exploits. Thanks for reviewing and my apologies if some of the
> discussions/comments were offensive.
Sri, you've got nothing to apologize for. I see nothing even the
remotest bit offensive in anything you've written. I appreciate the
work you're doing on this.
-cary
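A defender's check that follows from the thread's two points, that -fno-plt only moves the indirect jump from the PLT stub to the call site and that the compiler thunk options replace it with a direct call into a thunk. This is an added example, not code from the gold patch or the binutils project; it runs over a constructed objdump -d style excerpt, and the thunk symbol names (__x86_indirect_thunk_<reg> for GCC, __llvm_retpoline_<reg> for LLVM) are assumed.

```python
import re

# Constructed objdump -d style excerpt (not taken from a real binary). It shows
# three ways a call to an external function ends up on x86-64:
#   copy_plt       - direct call into a PLT stub, which itself does 'jmp *GOT'
#   copy_noplt     - built with -fno-plt: the indirect call moves to the call site
#   copy_retpoline - built with -mindirect-branch=thunk: a direct call to a thunk
SAMPLE_DISASM = "\n".join([
    "0000000000001030 <memcpy@plt>:",
    "    1030:\tff 25 e2 2f 00 00    \tjmp    *0x2fe2(%rip)        # 4018 <memcpy@GLIBC_2.14>",
    "    1036:\t68 00 00 00 00       \tpush   $0x0",
    "    103b:\te9 e0 ff ff ff       \tjmp    1020 <.plt>",
    "0000000000001140 <copy_plt>:",
    "    1140:\te8 eb fe ff ff       \tcall   1030 <memcpy@plt>",
    "    1145:\tc3                   \tret",
    "0000000000001150 <copy_noplt>:",
    "    1150:\tff 15 c2 2e 00 00    \tcall   *0x2ec2(%rip)        # 4018 <memcpy@GLIBC_2.14>",
    "    1156:\tc3                   \tret",
    "0000000000001160 <copy_retpoline>:",
    "    1160:\t48 8b 05 b1 2e 00 00 \tmov    0x2eb1(%rip),%rax    # 4018 <memcpy@GLIBC_2.14>",
    "    1167:\te8 04 00 00 00       \tcall   1170 <__x86_indirect_thunk_rax>",
    "    116c:\tc3                   \tret",
])

SYM_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s)+\s*(\w+)\s*(.*)$")
# Assumed thunk names: GCC emits __x86_indirect_thunk_<reg>, LLVM __llvm_retpoline_<reg>.
THUNK_RE = re.compile(r"<(?:__x86_indirect_thunk|__llvm_retpoline)_\w+>")

def audit_indirect_branches(disasm):
    """Return (unmitigated, thunk_calls): indirect 'jmp *'/'call *' sites, which
    are still exposed to branch-target injection, and direct calls into a thunk."""
    unmitigated, thunk_calls, symbol = [], [], None
    for line in disasm.splitlines():
        m = SYM_RE.match(line)
        if m:
            symbol = m.group(1)          # remember which function we are in
            continue
        m = INSN_RE.match(line)
        if not m:
            continue
        addr, mnemonic, operand = m.groups()
        operand = operand.split("#")[0].strip()      # drop objdump's trailing comment
        if mnemonic in ("jmp", "jmpq", "call", "callq") and operand.startswith("*"):
            unmitigated.append((symbol, addr, f"{mnemonic} {operand}"))
        elif mnemonic in ("call", "callq") and THUNK_RE.search(operand):
            thunk_calls.append((symbol, addr))
    return unmitigated, thunk_calls
```

On the sample this flags the PLT stub's `jmp *` and the -fno-plt call site's `call *`, while the thunk build shows up only as a direct call into the thunk.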