Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".
Mon Jan 8 20:12:00 GMT 2018
> * Plain Static linking is going to be a problem since it does not work
> with PIE + static. We have investigated using musl libc to enable
> static linking + PIE and we had somebody who was successfully able to
> link the dynamic relocator within a static binary to make PIE work
> but it looks like it is going to be quite a while before this can be
We're not necessarily talking about fully-static linking in the sense
of -static -- a "mostly-static" executable with the degenerate case of
no shared libraries can give you a PIE executable that uses the
dynamic loader for its relocation, but with no PLT entries.
> * We are looking at partially statically linking hot memops to remove
> the PLT + ifunc penalty for these calls. I understand that we may
> still have to rebuild libc.so to use retpoline maybe.
> * Regarding what HJ said, unless I misunderstood, I believe he is
> referring to using fno-plt. We considered that but the problem is the
> indirect jump still exists, but now at the call site. The mitigation
> would still be necessary at the call site as it is still exposed to
> the attack.
GCC's -mindirect-branch=thunk or LLVM's -mretpoline option should take
care of those indirect jumps.
> This is based on my limited understanding of the vulnerabilities and
> the exploits. Thanks for reviewing and my apologies if some of the
> discussions/comments were offensive.
Sri, you've got nothing to apologize for. I see nothing even the
remotest bit offensive in anything you've written. I appreciate the
work you're doing on this.
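Added example, not code from this thread or from binutils: a small Python audit over constructed objdump -d excerpts that makes the reply's distinction concrete. With -fno-plt the indirect branch is still there, now at the call site (a `call *` through the GOT); with -mindirect-branch=thunk the call site becomes a direct call into a `__x86_indirect_thunk_*` retpoline. The disassembly, byte encodings and addresses are constructed samples.

```python
import re

# Constructed objdump -d excerpts (not real compiler output): one call site
# built with -fno-plt, the same site built with -mindirect-branch=thunk.
FNO_PLT_SAMPLE = """\
0000000000001139 <main>:
    1139:  ff 15 9d 2e 00 00       call   *0x2e9d(%rip)        # 3fdc <puts@GLIBC_2.2.5>
    113f:  31 c0                   xor    %eax,%eax
    1141:  c3                      ret
"""
THUNK_SAMPLE = """\
0000000000001139 <main>:
    1139:  48 8b 05 a0 2e 00 00    mov    0x2ea0(%rip),%rax        # 3fe0 <puts@GLIBC_2.2.5>
    1140:  e8 0b 00 00 00          call   1150 <__x86_indirect_thunk_rax>
    1145:  31 c0                   xor    %eax,%eax
    1147:  c3                      ret

0000000000001150 <__x86_indirect_thunk_rax>:
    1150:  e8 07 00 00 00          call   115c <__x86_indirect_thunk_rax+0xc>
    1155:  f3 90                   pause
    1157:  0f ae e8                lfence
    115a:  eb f9                   jmp    1155 <__x86_indirect_thunk_rax+0x5>
    115c:  48 89 04 24             mov    %rax,(%rsp)
    1160:  c3                      ret
"""

SYM_RE = re.compile(r'^[0-9a-f]+ <([^>]+)>:$')
INSN_RE = re.compile(r'^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s)+\s*([a-z][a-z0-9]*)\s*(.*)$')
BRANCHES = {'call', 'callq', 'jmp', 'jmpq'}

def audit_indirect_branches(disasm):
    """Classify every call/jmp: an operand starting with '*' is a raw indirect
    branch (unmitigated); a direct branch into __x86_indirect_thunk_* is protected."""
    report = {'unprotected': [], 'protected': []}
    func = None
    for line in disasm.splitlines():
        m = SYM_RE.match(line)
        if m:
            func = m.group(1)          # track which function we are inside
            continue
        m = INSN_RE.match(line)
        if not m or m.group(1) not in BRANCHES:
            continue
        operand = m.group(2).split('#')[0].strip()   # drop objdump's symbol comment
        site = f'{func}: {m.group(1)} {operand}'
        if operand.startswith('*'):
            report['unprotected'].append(site)
        elif '<__x86_indirect_thunk' in operand and not func.startswith('__x86_indirect_thunk'):
            report['protected'].append(site)
    return report
```

Running it over a real `objdump -d` of a -fno-plt build shows the GOT-indirect call sites the reply is warning about; the thunk build reports none unprotected.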