To mitigate Spectre v2, Xen has been fixed with a software fix, namely
using retpoline sequences generated by the compiler. This way, indirect
branches are protected against the attack.

However, the retpoline sequence comes with a slowdown. To make up for
this, we propose to avoid jump tables in the first place. Without the
retpoline sequences, this code would be less efficient. However, when
retpoline is enabled, this actually results in a slight performance
improvement.

This change might become irrelevant once the compiler starts avoiding
jump tables in case retpolines are used:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86952

Reported-by: Julian Stecklina <jsteckli@amazon.de>
Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
Signed-off-by: Norbert Manthey <nmanthey@amazon.de>
Acked-by: Jan Beulich <jbeulich@suse.com>
ifneq ($(call cc-option,$(CC),-mindirect-branch-register,n),n)
CFLAGS += -mindirect-branch=thunk-extern -mindirect-branch-register
CFLAGS += -DCONFIG_INDIRECT_THUNK
+CFLAGS += -fno-jump-tables
export CONFIG_INDIRECT_THUNK=y
endif
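Review bot: The added `CFLAGS += -fno-jump-tables` line carries no comment, so the reason for it lives only in the commit message. Since the message itself says the flag may become irrelevant once the compiler avoids jump tables under retpoline, a one-line comment above the flag naming the retpoline cost and the GCC bug (86952) would tell a later reader when it can be dropped. Also note that the flag is gated only by the `cc-option` probe for `-mindirect-branch-register` and is not probed itself; if that is intentional because every compiler passing that probe accepts `-fno-jump-tables`, stating so in the comment would make the assumption explicit.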