GCC 7.3 Preparing For Release To Ship Spectre Patches


  • GCC 7.3 Preparing For Release To Ship Spectre Patches

    Phoronix: GCC 7.3 Preparing For Release To Ship Spectre Patches

    GNU developers are preparing to quickly ship GCC 7.3 now in order to get out the Spectre patches, a.k.a. the compiler side bits for Retpoline with -mindirect-branch=thunk and friends...

    http://www.phoronix.com/scan.php?pag...lease-Imminent

  • #2
    Will these flags be enabled by default?


    • #3
      Originally posted by Elyotna
      Will these flags be enabled by default?
      No, it is optional. I guess for a start, kernels will build with it and we will see how much of userland will need it as well.


      • #4
        So if you build with march=some_affected_cpu, it still is not enabled by default? Also, should one build their whole system with these flags, or is that provably unnecessary for some reason?


        • #5
          Originally posted by quaz0r
          So if you build with march=some_affected_cpu, it still is not enabled by default? Also, should one build their whole system with these flags, or is that provably unnecessary for some reason?
          I wouldn't think that it would enable the Spectre fixes with one of those march's unless explicitly told to do so. That would just add yet another level of complexity for no good reason. Basically, if you know why you should build with these flags, you know when to use them; it's very likely unnecessary for the majority of software. It may be wise to use the flags with anything that uses superuser privs though, just as a free measure of safety. But that's your prerogative as a package maintainer and makefile author; if not, I would suggest using the defaults that the maintainers say are correct.


          • #6
            Originally posted by quaz0r
            So if you build with march=some_affected_cpu, it still is not enabled by default? Also, should one build their whole system with these flags, or is that provably unnecessary for some reason?
            No, and no.

            These flags are for software that is affected by Spectre. These include stuff like your kernel, your web browser, maybe your email client, your virtualization tool, etc. The respective upstreams of these packages should (will?) add these flags in their build systems.

            Most software does not load and run external code, which is what Spectre is about.

            What I don't know is how this affects shared libraries. The web browser, for example, depends on lots of shared libraries. Most of them aren't built with these flags. What effects does that have? I have no idea.
            Last edited by RealNC; 01-17-2018, 07:44 PM.


            • #7
              I just compiled this branch (7.3) and the 4.14.14 kernel with default flags; no mitigation is enabled. Which flags should I use? At least with the GCC that ships on openSUSE there is Minimal AMD mitigation (on the kernel side).
              Last edited by Kayote; 01-18-2018, 12:16 PM.


              • #8
                Added -mindirect-branch=thunk to the kernel Makefile, will report back. Let's see if I can get complete AMD mitigation.


                • #9
                  I don't know, it's not enabled, but in the other kernel minimal mitigation is not enabled either; I must have messed up some config.


                  • #10
                    Done. Full AMD retpoline mitigation. I forgot to add spectre_v2=on to grub.
                    But now I'm thinking of turning it off; it goes against my principles. I'm a pro-liberty guy. Let's not forget this famous Benjamin Franklin quotation.

                    Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety
