On Thu, Feb 8, 2018 at 11:57 AM, H.J. Lu <hjl.to...@gmail.com> wrote:
> On Thu, Feb 8, 2018 at 4:17 AM, Andreas Krebbel
> <kreb...@linux.vnet.ibm.com> wrote:
>> On 02/08/2018 12:33 PM, Richard Biener wrote:
>>> On Wed, Feb 7, 2018 at 1:01 PM, Andreas Krebbel
>>> <kreb...@linux.vnet.ibm.com> wrote:
>>>> This patch implements GCC support for mitigating vulnerability
>>>> CVE-2017-5715 known as Spectre #2 on IBM Z.
>>>>
>>>> In order to disable prediction of indirect branches the implementation
>>>> makes use of an IBM Z specific feature - the execute instruction.
>>>> Performing an indirect branch via execute prevents the branch from
>>>> being subject to dynamic branch prediction.
>>>>
>>>> The implementation tries to stay close to the x86 solution regarding
>>>> user interface.
>>>>
>>>> x86 style options supported (without thunk-inline):
>>>>
>>>> -mindirect-branch=(keep|thunk|thunk-extern)
>>>> -mfunction-return=(keep|thunk|thunk-extern)
>>>>
>>>> IBM Z specific options:
>>>>
>>>> -mindirect-branch-jump=(keep|thunk|thunk-extern|thunk-inline)
>>>> -mindirect-branch-call=(keep|thunk|thunk-extern)
>>>> -mfunction-return-reg=(keep|thunk|thunk-extern)
>>>> -mfunction-return-mem=(keep|thunk|thunk-extern)
>>>>
>>>> These options allow us to enable/disable the branch conversion at a
>>>> finer granularity.
>>>>
>>>> -mindirect-branch sets the value of -mindirect-branch-jump and
>>>> -mindirect-branch-call.
>>>>
>>>> -mfunction-return sets the value of -mfunction-return-reg and
>>>> -mfunction-return-mem.
>>>>
>>>> All these options are supported on GCC command line as well as
>>>> function attributes.
>>>>
>>>> 'thunk' triggers the generation of out of line thunks (expolines) and
>>>> replaces the formerly indirect branch with a direct branch to the
>>>> thunk. Depending on the -march= setting two different types of thunks
>>>> are generated. With -march=z10 or higher exrl (execute relative long)
>>>> is being used while targeting older machines makes use of larl/ex
>>>> instead. From a security perspective the exrl variant is preferable.
>>>>
>>>> 'thunk-extern' does the branch replacement like 'thunk' but does not
>>>> emit the thunks.
>>>>
>>>> 'thunk-inline' is only available for indirect jumps. It should be used
>>>> in environments where correct CFI is important - known as user space.
>>>>
>>>> Additionally the patch introduces the -mindirect-branch-table option
>>>> which generates tables pointing to the locations which have been
>>>> modified. This is supposed to allow reverting the changes without
>>>> re-compilation in situations where it isn't required. The sections are
>>>> split up into one section per option.
>>>>
>>>> I plan to commit the patch tomorrow.
>>>
>>> Do you also plan to backport this to the GCC 7 branch?
>>
>> Yes, I'm working on it.
>>
>
> This breaks glibc build:
>
> /export/gnu/import/git/toolchain/build/compilers/s390x-linux-gnu/glibc/s390x-linux-gnu/libc_pic.os:
> In function `__cmsg_nxthdr':
> /export/ssd/git/toolchain/build/compilers/s390x-linux-gnu/glibc-src/s390x-linux-gnu/socket/../sysdeps/unix/sysv/linux/cmsg_nxthdr.c:39:
> undefined reference to `__s390_indirect_jump_r1use_r14'
> /export/ssd/git/toolchain/build/compilers/s390x-linux-gnu/glibc-src/s390x-linux-gnu/socket/../sysdeps/unix/sysv/linux/cmsg_nxthdr.c:39:
> undefined reference to `__s390_indirect_jump_r1use_r14'
> collect2: error: ld returned 1 exit status
> make[4]: *** [../Makerules:765:
> /export/gnu/import/git/toolchain/build/compilers/s390x-linux-gnu/glibc/s390x-linux-gnu/libc.so]
> Error 1
> make[4]: Leaving directory
> '/export/ssd/git/toolchain/build/compilers/s390x-linux-gnu/glibc-src/s390x-linux-gnu/elf'
> make[3]: *** [Makefile:215: elf/subdir_lib] Error 2
> make[3]: Leaving directory
> '/export/ssd/git/toolchain/build/compilers/s390x-linux-gnu/glibc-src/s390x-linux-gnu'
> make[2]: *** [Makefile:9: all] Error 2
> make[2]: Leaving directory
> '/export/ssd/git/toolchain/build/compilers/s390x-linux-gnu/glibc/s390x-linux-gnu'

I opened:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84295

--
H.J.