HI; On Mi, 2018-04-04 at 19:49 +0200, Waldemar Brodkorb wrote: > Hi, > Ata, John (US) wrote, > > > Hi all, > > > > > > > > With Spectre variant 2 (CVE-2017-5715), gcc has been updated to > > avoid branch > > prediction problems via the retpoline patch. Specifically, by > > using either – > > mindirect-branch=thunk-inline or –mindirect-branch=thunk or > > –mindirect-branch- > > thunk-external, the compiler will convert indirect branches and > > function > > returns to call and return thunks thus avoiding speculative > > execution in those > > cases. Of course, there is a performance penalty depending on the > > exact > > argument used. Has anyone compiled uclibc with one of those > > switches? > > I didn't tried it, yet. You might be the first :)
I did with standard compiler settings (gcc 7.3.0 and gcc 5.5 with patches) and got Mitigation: Full AMD retpoline on a PC Engines APU2 compared without gcc 5 patch: Vulnerable: Minimal AMD ASM retpoline > Any issues seen with that? Running it for a few weeks. Observed some hickups after a few running the uclibc-ng machine with gcc5-based toolchain for WIFI, but not shure if it's related to the Spectre2 mitgation. regards kp > best regards > Waldemar > _______________________________________________ > devel mailing list > devel@uclibc-ng.org > https://mailman.uclibc-ng.org/cgi-bin/mailman/listinfo/devel _______________________________________________ devel mailing list devel@uclibc-ng.org https://mailman.uclibc-ng.org/cgi-bin/mailman/listinfo/devel
