| commit | 4a995045915dbe45918787d158485dda26660e05 | |
| author | Marek Habersack <grendel@twistedcode.net> | |
| Wed, 31 Jan 2018 17:10:31 +0000 (31 18:10 +0100) | ||
| committer | Marek Safar <marek.safar@gmail.com> | |
| Fri, 2 Feb 2018 13:53:02 +0000 (2 08:53 -0500) | ||
| tree | 6996135227386cc531c9ccba9bebc8e7f9a90346 | treesnapshot (tar.gz zip) |
| parent | 9b3e3187d99a6dfaf49df3346dbabb5625c235ed | commitdiff |
Check for compiler switches to mitigate Spectre/Meltdown
This commit implements checking whether the compiler used to build mono supports
the recently added switches to generate code designed to mitigate the effects of
the Spectre/Meltdown bugs of the modern CPUs (https://meltdownattack.com/).
As of this commit the options are implemented for GCC 8.x, 7.3 and backported to
some older versions of gcc 7.x (e.g. in Ubuntu). The options tested for, and
used, here are:
-mindirect-branch (https://gcc.gnu.org/onlinedocs/gcc-7.3.0/gcc/x86-Options.html#index--mindirect-branch)
-mfunction-return (https://gcc.gnu.org/onlinedocs/gcc-7.3.0/gcc/x86-Options.html#index--mfunction-return)
Checks and usage of the above flags is hidden behind the
`--with-spectre-mitigation` configure option, defaulting to `no`.
Two additional options are implemented to specify the kind of thunk to implement
by each of the flags above:
--with-spectre-indirect-branch-choice=keep,thunk,inline,extern
Convert indirect branches to the specified kind of thunk (defaults to inline)
--with-spectre-function-return-choice=keep,thunk,inline,extern
Convert function return instructions to the specified kind of
thunk (defaults to inline)
This commit implements checking whether the compiler used to build mono supports
the recently added switches to generate code designed to mitigate the effects of
the Spectre/Meltdown bugs of the modern CPUs (https://meltdownattack.com/).
As of this commit the options are implemented for GCC 8.x, 7.3 and backported to
some older versions of gcc 7.x (e.g. in Ubuntu). The options tested for, and
used, here are:
-mindirect-branch (https://gcc.gnu.org/onlinedocs/gcc-7.3.0/gcc/x86-Options.html#index--mindirect-branch)
-mfunction-return (https://gcc.gnu.org/onlinedocs/gcc-7.3.0/gcc/x86-Options.html#index--mfunction-return)
Checks and usage of the above flags is hidden behind the
`--with-spectre-mitigation` configure option, defaulting to `no`.
Two additional options are implemented to specify the kind of thunk to implement
by each of the flags above:
--with-spectre-indirect-branch-choice=keep,thunk,inline,extern
Convert indirect branches to the specified kind of thunk (defaults to inline)
--with-spectre-function-return-choice=keep,thunk,inline,extern
Convert function return instructions to the specified kind of
thunk (defaults to inline)
| configure.ac | diffblobblamehistory | |
| m4/ax_check_compile_flag.m4 | [new file with mode: 0644] | blob |