[uclibc-ng-devel] compile uclibc with retpoline switch

Ata, John (US) john.ata at baesystems.com
Fri Apr 6 01:56:36 CEST 2018


Thanks!  I built both 32 bit and 64 bit uclibc with –mindirect-branch=thunk placed in the UCLIBC_EXTRA_CFLAGS field so far I haven't noticed any problems.  As this gets more use/exposure, I'll update...

Take care,
---- 
John Ata, CISSP
Senior Principal Software Engineer
Electronics Systems
STOP Operating System Software Development

T 703-563-8115 | F 703-668-4359 | john.ata at baesystems.com
http://www.baesystems.com/csp



-----Original Message-----
From: devel [mailto:devel-bounces at uclibc-ng.org] On Behalf Of kapeka
Sent: Wednesday, April 04, 2018 2:56 PM
To: devel at uclibc-ng.org
Subject: Re: [uclibc-ng-devel] compile uclibc with retpoline switch

*** WARNING ***
EXTERNAL EMAIL -- This message originates from outside our organization.


HI;

On Mi, 2018-04-04 at 19:49 +0200, Waldemar Brodkorb wrote:
> Hi,
> Ata, John  (US) wrote,
> 
> > Hi all,
> > 
> >  
> > 
> > With Spectre variant 2 (CVE-2017-5715), gcc has been updated to
> > avoid branch
> > prediction problems via the retpoline patch.  Specifically, by
> > using either –
> > mindirect-branch=thunk-inline or –mindirect-branch=thunk or
> > –mindirect-branch-
> > thunk-external, the compiler will convert indirect branches and
> > function
> > returns to call and return thunks thus avoiding speculative
> > execution in those
> > cases.  Of course, there is a performance penalty depending on the
> > exact
> > argument used.  Has anyone compiled uclibc with one of those
> > switches?
> 
> I didn't tried it, yet. You might be the first :)

I did with standard compiler settings (gcc 7.3.0 and gcc 5.5 with
patches) and got 

Mitigation: Full AMD retpoline

on a PC Engines APU2 compared without gcc 5 patch:

Vulnerable: Minimal AMD ASM retpoline


> Any issues seen with that?

Running it for a few weeks.
Observed some hickups after a few running the uclibc-ng machine with
gcc5-based toolchain for WIFI, but not shure if it's related to the
Spectre2 mitgation.


regards kp


> best regards
>  Waldemar
> _______________________________________________
> devel mailing list
> devel at uclibc-ng.org
> https://mailman.uclibc-ng.org/cgi-bin/mailman/listinfo/devel
_______________________________________________
devel mailing list
devel at uclibc-ng.org
https://mailman.uclibc-ng.org/cgi-bin/mailman/listinfo/devel


More information about the devel mailing list