Gold Linker Patch: Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715 and in some places called "spectre".

Cary Coutant ccoutant@gmail.com
Mon Jan 8 20:12:00 GMT 2018


> * Plain Static linking is going to be a problem since it does not work
> with PIE + static.  We have investigated using musl libc to enable
> static linking + PIE and we had somebody who was successfully able to
> link the dynamic relocator within a static binary to make PIE work
> but it looks like it is going to be quite a while before this can be
> deployed.

We're not necessarily talking about fully-static linking in the sense
of -static -- a "mostly-static" executable with the degenerate case of
no shared libraries can give you a PIE executable that uses the
dynamic loader for its relocation, but with no PLT entries.

> * We are looking at partially statically linking hot memops to remove
> the PLT + ifunc penalty for these calls.  I understand that we may
> still have to rebuild libc.so to use retpoline maybe.
> * Regarding what HJ said, unless I misunderstood, I believe he is
> referring to using fno-plt.  We considered that but the problem is the
> indirect jump still exists, but now at the call site.  The mitigation
> would still be necessary at the call site as it is still exposed to
> the attack.

GCC's -mindirect-branch=thunk or LLVM's -mretpoline option should take
care of those indirect jumps.

> This is based on my limited understanding of the vulnerabilities and
> the exploits.  Thanks for reviewing and my apologies if some of the
> discussions/comments were offensive.

Sri, you've got nothing to apologize for. I see nothing even the
remotest bit offensive in anything you've written. I appreciate the
work you're doing on this.

-cary
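To make concrete what the `-mindirect-branch=thunk` / `-mretpoline` thunks referred to above actually do to an indirect call, here is an added example of one hand-written x86-64 retpoline, not code from the binutils patch or from this thread; the function names are made up, and it assumes GCC/Clang extended asm on the SysV ABI.

```c
/* Added example: one indirect call routed through a retpoline thunk, the
 * same call/ret sequence GCC emits as __x86_indirect_thunk_rax. Function
 * names here are hypothetical. */
#include <stdio.h>

typedef long (*handler_t)(long);

/* The target address goes in rax; a call/ret pair replaces the indirect
 * branch so speculation is trapped in the pause/lfence loop instead of
 * following the (possibly poisoned) indirect branch predictor. */
long call_via_retpoline(handler_t fn, long arg)
{
#if defined(__x86_64__)
    long rax = (long)fn;           /* in: target address, out: return value */
    __asm__ volatile(
        "mov  %%rsp, %%rbx\n\t"     /* save rsp; rbx is callee-saved */
        "sub  $128, %%rsp\n\t"      /* step over the caller's red zone */
        "and  $-16, %%rsp\n\t"      /* 16-byte align for the callee */
        "call 3f\n\t"               /* call the thunk; target returns to 4: */
        "jmp  4f\n\t"
        "3: call 1f\n\t"            /* thunk entry: pushes address of 2: */
        "2: pause\n\t"              /* speculative path spins here ... */
        "lfence\n\t"                /* ... until the fence serialises it */
        "jmp  2b\n\t"
        "1: mov %%rax, (%%rsp)\n\t" /* replace pushed address with target */
        "ret\n\t"                   /* architectural path: jump to target */
        "4: mov %%rbx, %%rsp\n\t"   /* restore the caller's stack pointer */
        : "+a"(rax), "+D"(arg)      /* arg travels in rdi per the ABI */
        :
        : "rbx", "rsi", "rdx", "rcx", "r8", "r9", "r10", "r11",
          "memory", "cc");
    return rax;
#else
    return fn(arg);                /* non-x86-64 build: plain indirect call */
#endif
}

static long add_one(long x) { return x + 1; }
static long twice(long x)   { return 2 * x; }

int main(void)
{
    printf("%ld %ld\n", call_via_retpoline(add_one, 41),
           call_via_retpoline(twice, 21));
    return 0;
}
```

Disassembling a build with `-mindirect-branch=thunk` shows the same `call`/`pause`/`lfence`/`mov %rax,(%rsp)`/`ret` shape in `__x86_indirect_thunk_*`, which is why a `-fno-plt` call site still needs the compiler flag even though no PLT stub is involved.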
