Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".

Florian Weimer fweimer@redhat.com
Mon Jan 8 18:23:00 GMT 2018


On 01/08/2018 07:19 PM, Sriraman Tallam wrote:
> * Regarding what HJ said, unless I misunderstood, I believe he is
> referring to using fno-plt.  We considered that but the problem is the
> indirect jump still exists, but now at the call site.  The mitigation
> would still be necessary at the call site as it is still exposed to
> the attack.

But you'll have to patch GCC anyway to change the opcode sequence for 
indirect jumps (just think of vtable dispatch), and then -fno-plt most 
likely would move the dynamic linker and PLT stubs completely out of the 
equation.

A DSO boundary is not a trust boundary, so this is not comparable to the 
kernel situation at all.  For a generic solution, you need to rewrite 
all indirect function calls.

Thanks,
Florian
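To make concrete what "changing the opcode sequence for indirect jumps" means at a call site, here is an added example that is not part of this thread or of the GCC/binutils patches it discusses. It assumes x86-64 Linux with the GNU assembler syntax accepted by GCC and clang. The thunk body is the published retpoline sequence (call to a landing pad that overwrites the return address with the real target, with a `pause; lfence` capture loop for the speculative path); the symbol names `retpoline_thunk_rax` and `call_via_retpoline` are chosen here, whereas the thunk GCC itself emits under `-mindirect-branch=thunk` (the flag that later shipped in GCC 8) is named `__x86_indirect_thunk_rax`. The plain C call site is kept beside it for contrast: without the compiler option it compiles to a bare `call *%reg`, which is the exposed sequence the thread is talking about regardless of whether the target lives behind a PLT stub.

```c
#include <stdio.h>

/*
 * Retpoline thunk plus a hand-written call site, x86-64 SysV ABI.
 * Everything here is assumed example code, not the compiler's own output.
 *
 * Architecturally, `call 1f` pushes the address of label 2 and jumps to
 * label 1, which overwrites that return address with the target held in
 * %rax and executes `ret`, so control reaches the target exactly as a
 * normal `call *%rax` would.  Speculatively, the return predictor expects
 * the `ret` to go back to label 2, where the `pause; lfence; jmp` loop
 * holds the speculative path until it is squashed.
 */
__asm__(
    ".text\n"
    ".globl retpoline_thunk_rax\n"
    ".type retpoline_thunk_rax, @function\n"
    "retpoline_thunk_rax:\n"
    "    call 1f\n"            /* push address of label 2, jump to label 1 */
    "2:  pause\n"              /* speculative path parks here */
    "    lfence\n"
    "    jmp 2b\n"
    "1:  mov %rax, (%rsp)\n"   /* replace pushed return address with target */
    "    ret\n"                /* architectural branch to the target */
    ".size retpoline_thunk_rax, .-retpoline_thunk_rax\n"
    "\n"
    /* long call_via_retpoline(long (*fn)(long), long arg): rdi = fn, rsi = arg */
    ".globl call_via_retpoline\n"
    ".type call_via_retpoline, @function\n"
    "call_via_retpoline:\n"
    "    push %rbp\n"                   /* re-align the stack for the call */
    "    mov %rdi, %rax\n"              /* target into the thunk's register */
    "    mov %rsi, %rdi\n"              /* arg becomes the target's first arg */
    "    call retpoline_thunk_rax\n"    /* what GCC would emit instead of call *%rax */
    "    pop %rbp\n"
    "    ret\n"
    ".size call_via_retpoline, .-call_via_retpoline\n"
);

extern long call_via_retpoline(long (*fn)(long), long arg);

/* Ordinary C call site: compiles to an unprotected `call *%reg` unless the
 * compiler is asked to route indirect branches through a thunk. */
long call_plain(long (*fn)(long), long arg)
{
    return fn(arg);
}

/* Two constructed targets so the indirect call has something to dispatch to. */
long double_it(long x) { return 2 * x; }
long negate(long x)    { return -x; }

/* Both call styles must agree on every target; the thunk changes only how
 * the branch is executed, never the result. */
int results_agree(long x)
{
    return call_plain(double_it, x) == call_via_retpoline(double_it, x)
        && call_plain(negate, x)    == call_via_retpoline(negate, x);
}

int main(void)
{
    printf("plain: %ld  retpoline: %ld  agree: %d\n",
           call_plain(double_it, 21), call_via_retpoline(double_it, 21),
           results_agree(21));
    return 0;
}
```

Build and run with a plain `cc retpoline_demo.c -o retpoline_demo`; disassembling `call_plain` with `objdump -d` shows the bare indirect `call`, while compiling the same file with `-mindirect-branch=thunk` replaces it with a call to `__x86_indirect_thunk_rax` (or the register the compiler picked), which is the point Florian makes: the rewrite has to happen at every indirect call site, not only in the PLT.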


