From 95d6ca52acb83901e66e9c3333beb0aa888068f4 Mon Sep 17 00:00:00 2001
From: Rui Ueyama
Date: Fri, 25 May 2018 21:02:47 +0000
Subject: [PATCH] Add a comment for retpoline PLT.

llvm-svn: 333312
---
 lld/ELF/Arch/X86_64.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lld/ELF/Arch/X86_64.cpp b/lld/ELF/Arch/X86_64.cpp
index f53c36a2c416..605e2c19982f 100644
--- a/lld/ELF/Arch/X86_64.cpp
+++ b/lld/ELF/Arch/X86_64.cpp
@@ -461,6 +461,15 @@ void X86_64::relaxGot(uint8_t *Loc, uint64_t Val) const {
   write32le(Loc - 1, Val + 1);
 }
 
+// These nonstandard PLT entries are to migtigate Spectre v2 security
+// vulnerability. In order to mitigate Spectre v2, we want to avoid indirect
+// branch instructions such as `jmp *GOTPLT(%rip)`. So, in the following PLT
+// entries, we use a CALL followed by MOV and RET to do the same thing as an
+// indirect jump. That instruction sequence is so-called "retpoline".
+//
+// We have two types of retpoline PLTs as a size optimization. If `-z now`
+// is specified, all dynamic symbols are resolved at load-time. Thus, when
+// that option is given, we can omit code for symbol lazy resolution.
 namespace {
 template class Retpoline : public X86_64 {
 public:
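Review bot: The first added comment line misspells "mitigate" as `migtigate`; since this commit exists only to add the comment, the line should land as `// These nonstandard PLT entries are to mitigate Spectre v2 security`. The comment explains what the CALL/MOV/RET sequence replaces but not which linker option selects these PLT entries over the standard ones, so a reader landing here cannot tell when this code path is active; one sentence naming the enabling `-z` option (verify the exact spelling against the driver) would close that gap. The `-z now` paragraph could also say explicitly that it only selects the smaller of the two variants and does not change the retpoline sequence itself, if that is indeed how the two template instantiations differ. The `Retpoline` class opened on the hunk's last lines continues outside the hunk, and its template parameter list appears to have been stripped in this rendering, so the declaration is not reviewable here.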