Web lists-archives.com

Re: Kernel for Spectre and Meltdown


Michael Lange wrote:
> compiler that is "retpoline-aware" (as the
> "checker"-script calls it, whatever that means)

The term was coined by Google engineers

  "The name “retpoline” is a portmanteau of “return” and “trampoline.”
   It is a trampoline construct constructed using return operations which
   also figuratively ensures that any associated speculative execution
   will “bounce” endlessly.  

   (If it brings you any amusement: imagine speculative execution as an
    overly energetic 7-year old that we must now build a warehouse of
    trampolines around.)"

It is worthwhile to read this early description of Spectre, which they
call "Variant 2" or "CVE-2017-5715".

Retpoline is on the first view useless effort for the CPU, so i guess
a compiler must be kept from optimizing it away.
The goal is to prevent speculative execution of code at addresses
which the attacker seeded into the branch prediction table of the CPU.

Have a nice day :)