Announcement

Collapse
No announcement yet.

Spectre Mitigation Added To GCC 8, Seeking Backport To GCC 7

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spectre Mitigation Added To GCC 8, Seeking Backport To GCC 7

    Phoronix: Spectre Mitigation Added To GCC 8, Seeking Backport To GCC 7

    Hitting the GCC 8 compiler Git/SVN code this Sunday morning are the changes needed compiler-side for CVE-2017-5715 / Spectre mitigation...

    http://www.phoronix.com/scan.php?pag...tigation-Lands

  • #2
    What about GCC 4.x?

    Just think of RHEL 6,7 which will still have a quite long period of paid support contracts.

    Comment


    • #3
      Originally posted by entropy View Post
      What about GCC 4.x?

      Just think of RHEL 6,7 which will still have a quite long period of paid support contracts.
      The GCC team will probably never provide backport for versions before GCC7 (maybe 6 but I highly doubt that) so RH customer will have to rely on RH.

      Best regards,

      -- Emmanuel Deloget

      Comment


      • #4
        Is there any performance impact? If so, is there any way to disabled it for code that could not be attacked?

        Comment


        • #5
          Originally posted by Emmanuel Deloget View Post

          The GCC team will probably never provide backport for versions before GCC7 (maybe 6 but I highly doubt that) so RH customer will have to rely on RH.

          Best regards,

          -- Emmanuel Deloget
          RedHat Devtoolsets are your friend

          https://access.redhat.com/documentat...loper_toolset/

          Comment


          • #6
            Originally posted by slacka View Post
            Is there any performance impact? If so, is there any way to disabled it for code that could not be attacked?
            You don't need to disable it. Just don't enable it.

            Comment


            • #7
              Originally posted by Emmanuel Deloget View Post

              The GCC team will probably never provide backport for versions before GCC7 (maybe 6 but I highly doubt that) so RH customer will have to rely on RH.

              Best regards,

              -- Emmanuel Deloget
              Redhat has devtoolset to give access to GCC 5.3.1, 6.3.1, 7.2.1 and Clang 4.0.1. Works well on my CentOS 6/7 based servers. Example Nginx compiled with GCC 4.8.5, 5.3.1, 6.3.1, 7.2.1 and 8.0 and Clang 3.4/4 https://community.centminmod.com/thr...nstalls.13729/

              But yeah, for native system GCC, Redhat is behind usually. Maybe they'll make an exception for security reasons and backport

              Comment


              • #8
                So how does the compiler fix the issue?

                Comment


                • #9
                  Originally posted by caligula View Post
                  So how does the compiler fix the issue?
                  it fixes the issue by not emitting the instruction that gets to use the indirect branch prediction.

                  Comment


                  • #10
                    Originally posted by arjan_intel View Post
                    it fixes the issue by not emitting the instruction that gets to use the indirect branch prediction.
                    Does it rely on special-sauce instructions introduced in latest microcode for the newer generations like the Windows solution?

                    Comment

                    Working...
                    X