This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- From: "Rui Ueyama via binutils" <binutils at sourceware dot org>
- To: Sriraman Tallam <tmsriram at google dot com>
- Cc: "H.J. Lu" <hjl dot tools at gmail dot com>, Florian Weimer <fweimer at redhat dot com>, Cary Coutant <ccoutant at gmail dot com>, Chandler Carruth <chandlerc at google dot com>, binutils <binutils at sourceware dot org>, Reid Kleckner <rnk at google dot com>, Eric Christopher <echristo at google dot com>, Brooks Moses <bmoses at google dot com>, Sidney Hummert <shummert at google dot com>, Xinliang David Li <davidxl at google dot com>, Rahul Chaudhry <rahulchaudhry at google dot com>
- Date: Mon, 8 Jan 2018 21:15:38 +0000
- Subject: Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- Authentication-results: sourceware.org; auth=none
- References: <CAAs8HmzJkLiGaUWf9czpNfEejM=uCP=zFvudADEuxsA2wHk+fQ@mail.gmail.com> <CAJimCsGGcXCxQUWD9XGmEHdJ+w01Tr0u29yowA9b16YGHHxMkA@mail.gmail.com> <17cb3295-626f-ba0f-7458-c13eaea24d2b@redhat.com> <CAJimCsE6bZ9VwKTfh9dFvT1HmNb==0Kxh6EJQQWXGoH-U=Epsg@mail.gmail.com> <CAGCO0KhMmBJXuWbb89ZG6tgpVHgmxkE5-xEmMikBjPkVQBDmPA@mail.gmail.com> <CAJimCsFh4c+JgR27i6kVEqexvbfkJJERZ7v7bp6b4JYbR2nUqg@mail.gmail.com> <CAAs8HmyztZxr64OF1q8Vuj=mBeAJXfRS7qssdADDiS5QA3sFpg@mail.gmail.com> <e7ca7f34-08bf-5024-568a-5f47e31a998a@redhat.com> <CAAs8HmxT_3nBxBhTGLARV8NX+G3K8SbH8_J9eGX8prmnibPm7Q@mail.gmail.com> <277ce2e7-88bf-b1ab-11e8-a9c53b6a9100@redhat.com> <CAAs8Hmzja3v9EZnLQSvS8P8NOQn3VHhYuOHAnFP-budxz+xghw@mail.gmail.com> <CAJENXguR9=L8zbGbttnLc_Up_ONh-diX1ULJvn7P5A9=9ebhOQ@mail.gmail.com> <d7a4f16b-f6e4-b489-a927-e31e13c8b23b@redhat.com> <CAAs8HmzBLo2O6Hrf7i7rbZ85tt+Ub4fRrn16OLPb4hGqGTtWsQ@mail.gmail.com> <CAMe9rOoQWmVTqrgaopogmebmL7cStms8pvqgtSyrDjG5ykDAVA@mail.gmail.com> <CAAs8HmzSTzkc1vnC8UMuYGMdq-gb1G5Z4A5PdON=JitC4MC2FA@mail.gmail.com>
- Reply-to: Rui Ueyama <ruiu at google dot com>
On Mon, Jan 8, 2018 at 9:09 PM, Sriraman Tallam <tmsriram@google.com> wrote:
> On Mon, Jan 8, 2018 at 12:22 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
> > On Mon, Jan 8, 2018 at 12:17 PM, Sriraman Tallam via binutils
> > <binutils@sourceware.org> wrote:
> >> On Mon, Jan 8, 2018 at 11:01 AM, Florian Weimer <fweimer@redhat.com>
> wrote:
> >>> On 01/08/2018 07:51 PM, Rui Ueyama wrote:
> >>>>
> >>>> A drawback of using BIND_NOW is that an application that has a PLT
> entry
> >>>> that cannot be resolved but not used fails to start with that option.
> >>>
> >>>
> >>> That can be a good or bad thing, depending on your perspective. With
> more
> >>> and more use of symbol versioning, the point is increasingly moot
> because
> >>> the set of symbol versions is not checked lazily.
> >>
> >> Ok, my attempt to summarize the discussions around this patch:
> >>
> >> a) We don't need this patch.
> >> * We could deploy fno-plt and now binding and remove PLTs
> >> altogether. We have to fix correctness issues related to these, like
> >> the one Rui pointed out.
> >
> > What correctness issue?
>
> If a lazy bound symbol cannot be resolved and is not resolved at
> run-time, now binding will expose the issue.
A little off-topic, but we can make a change to the dynamic loader so that
it binds an unresolvable PLT entry to a function that prints out an error
message as if it failed to resolve the dynamic symbol lazily and then exit.
That should make the behavior of LD_BIND_NOW exactly the same as with lazy
binding.
> >
> >> * One other pain point is we do have internally is we use a
> >> configuration for tests where we build a number of shared objects and
> >> keep the main binary pretty thin. We have explicitly disabled now
> >> binding for this due to performance reasons, huge increase in the
> >> number of dynamic relocations putting unacceptable overheads on our
> >> distributed build system. We need to find a solution here.
> >
> > Have you measured performance impact of -fno-plt?
>
> I have conducted some experiments with fno-plt for binaries that
> mostly statically linked with some hot calls to libc. fno-plt did
> gives us 0.5 %- 1% improvements here and we have plans to turn this on
> for performance sensitive binaries. fno-plt seems to help in reducing
> iTLB misses when used in conjunction with kernel huge pages.
>
> >
> >> * The compiler is eliminating indirect branches and calls
> >> anyway, might as well do it with fno-plt also. With
> >> -mindirect-branch=think this might also be unnecessary but LLVM
> >> atleast does not support this yet.
> >
> > Shouldn't LLVM be fixed?
>
> Yes, I can take a look at fixing LLVM fo this.
>
> >
> >> * We still have to find a solution to avoid PLTs for shared
> >> objects, needs re-building and fixing performance issues.
> >> * We could use static linking but that is not an immediate
> solution.
> >>
> >> b) We have this patch in the linker:
> >> * If we want to continue to use lazy binding or just keep PLTs as
> >> it is and take the penalty for the project, this is easy.
> >> * My testing with retpoline for large programs shows this is
> >> pretty straightforward to deploy, I did not run into any correctness
> >> issues that requires large-scale fixing of builds.
> >> * All other problems from a) exist. Shared libraries still need
> >> to be fixed, compiler needs to be fixed to avoid indirect calls, etc.
> >>
> >>>
> >>> Thanks,
> >>> Florian
> >
> >
> >
> > --
> > H.J.
>
- References:
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- From: Chandler Carruth via binutils
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- From: Sriraman Tallam via binutils
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- From: Sriraman Tallam via binutils
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- From: Sriraman Tallam via binutils
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- From: Rui Ueyama via binutils
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- From: Sriraman Tallam via binutils
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- Re: Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
- From: Sriraman Tallam via binutils