GCC 8 Patches Posted For Spectre Mitigation
There's been a well-published branch the past few days of a patched GCC 7.2 code-base with the code changes for fending off Spectre while now patches have arrived on the mailing list for Spectre/CVE-2017-5715 of mainline GCC 8.
Toolchain expert H.J. Lu of Intel has posted a set of five patches for Spectre mitigation with the current GCC 8 code-base. These patches introduce the new -mindirect-branch, -mindirect-branch-loop, -mfunction-return, -mindirect-branch-register options for GCC. Enabling the new functionality converts indirect branches to call and return thunks in order to avoid speculative execution.
These patches add about two thousand lines of new code to the compiler. While feature development is now over on GCC 8 ahead of the GCC 8.1 stable release expected in the next two to three months, given the severity of Spectre, these patches will presumably be allowed into the mainline code-base in short order... We will, of course, write about it when it happens. We'll also see if the GCC 7 patches also get accepted in their branch as normally the developers are strict about allowing new feature additions.
With the Spectre Linux kernel patches, they do some justice when built against existing GCC compilers but for best defense the kernel does need to be built against a patched version of GCC. The GCC 8 patches for now are on the gcc-patches mailing list.