https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102926
--- Comment #3 from Ard Biesheuvel <ardb at kernel dot org> --- (In reply to Andrew Pinski from comment #1) > I don't think it is a security risk really because all spills then can be > considered security risks. I would argue that there is no consensus on that. In fact, there is elaborate handling of the stack canary in the ARM backend, not only to prevent spilling of the stack canary address or value, but even to ensure that the value is cleared from all registers that carried it while performing the test or the set. In any case, regardless of whether this is a security issue or not (when/if my TLS stack protector changes get accepted), spilling the TLS register value is definitely unnecessary.
