From c2ed34952095ce41b30e6a615fbecc1e9a544f77 Mon Sep 17 00:00:00 2001 From: Chandler Carruth Date: Fri, 2 Mar 2018 05:49:03 +0000 Subject: Add some minimal release notes for retpolines. git-svn-id: https://llvm.org/svn/llvm-project/cfe/branches/release_60@326540 91177308-0d34-0410-b5e6-96231b3b80d8 --- docs/ReleaseNotes.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/ReleaseNotes.rst b/docs/ReleaseNotes.rst index efbf27a887..5ceb1a4b51 100644 --- a/docs/ReleaseNotes.rst +++ b/docs/ReleaseNotes.rst @@ -51,6 +51,12 @@ Non-comprehensive list of changes in this release ``__is_target_vendor``, ``__is_target_os``, and ``__is_target_environment`` can be used to to examine the individual components of the target triple. +- Support for `retpolines `_ + was added to help mitigate "branch target injection" (variant #2) of the + "Spectre" speculative side channels described by `Project Zero + `_ + and the `Spectre paper `_. + Improvements to Clang's diagnostics ----------------------------------- @@ -138,6 +144,18 @@ New Compiler Flags - New ``-nostdlib++`` flag to disable linking the C++ standard library. Similar to using ``clang`` instead of ``clang++`` but doesn't disable ``-lm``. +- Clang supports the ``-mretpoline`` flag to enable `retpolines + `_. Code compiled with this + flag will be hardened against variant #2 of the Spectre attack. Indirect + branches from switches or gotos removed from the code, and indirect calls + will be made through a "retpoline" thunk. The necessary thunks will + automatically be inserted into the generated code. Clang also supports + ``-mretpoline-external-thunk`` which works like ``-mretpoline`` but requires + the user to provide their own thunk definitions. The external thunk names + start with ``__x86_indirect_thunk_`` and end in a register name. For 64-bit + platforms, only an ``r11`` thunk is used, but for 32-bit platforms ``eax``, + ``ecx``, ``edx``, and ``edi`` thunks are used. + Attribute Changes in Clang -------------------------- -- cgit v1.2.3