Thanks to plugin power, it was fixed in grsecurity in 2019 for all affected GCC versions: scripts/gcc-plugins/utilities_plugin/fix_esra.c
I'm curious, does respectre also handle uninitialized stack use for speculative side channels?
Can you give a code example?
The Microsoft C++ guide talks about it at a high level (docs.microsoft.com/en-us/cpp…), but I haven't seen much more since then; I have wondered if you could find a good use of that to fetch arbitrary addresses for cross-thread disclosures.
Actually, I didn't read the example closely enough. It was an SSB case, and we have an option specifically for that with Respectre. So I threw the example into mm/memory.c and compiled it with the verbose mode on:
Had to add noinline to InitializeIndex to make it match the description, but here's the resulting disasm:
The fence gets inserted via asm alternatives at boot, where you see the xchg ax,ax in the code.
That's amazing, would love to know how many extra barriers get inserted in say an Ubuntu kernel. No way you could find them all through code review!
Don't have current numbers at hand, but on a 5.4.13-allyes-amd64 config Respectre reported about 33k v4 instances as above. That was over 1.5y ago, so not quite representative of the current code, but you get the idea.

Aug 12, 2021 · 2:50 PM UTC

Okay, that's even more than I would have expected, nice work!
I think the number he gave you there was for SSB_ALL (see: nitter.vloup.ch/spendergrsec/sta…), for performance you don't really want a ton of fences.
We have two SSB options actually, a basic one and a more extensive one (more fences, but also more performance hit). This one was caught/handled with the basic option.
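The store-to-load pattern the thread is discussing (Spectre v4 / Speculative Store Bypass, the case Respectre's SSB options cover), shown as an added example. This is not code from the thread, from Respectre, or from the Microsoft guide; the names `sanitize_index`, `lookup_unfenced`, `lookup_fenced` and `ssb_barrier` and the table contents are constructed for illustration. It places the fence directly as an `lfence`; as spender notes above, the kernel build patches it in via asm alternatives at boot instead of emitting it unconditionally.

```c
/* Added example (not from the thread): the SSB pattern and where a
 * mitigation pass puts the fence. Identifiers are hypothetical. */
#include <stddef.h>
#include <stdint.h>

#define TABLE_LEN 16
/* Constructed sample data. */
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Writes a bounds-checked index through a pointer. Kept noinline so the
 * store and the later load stay separate, as in the thread's example. */
__attribute__((noinline))
static void sanitize_index(size_t *idx, size_t untrusted)
{
    *idx = untrusted < TABLE_LEN ? untrusted : 0;
}

/* Unmitigated. Architecturally the load always sees the sanitized index,
 * but if the CPU has not yet resolved the store's address it may forward
 * the slot's previous contents ("stale") to the load and speculatively
 * read table[stale], i.e. out of bounds. */
uint8_t lookup_unfenced(size_t untrusted, size_t stale)
{
    size_t idx = stale;             /* models the slot's prior contents */
    sanitize_index(&idx, untrusted);
    return table[idx];
}

/* Serializing barrier between the sanitizing store and the dependent
 * load: lfence on x86, a plain compiler barrier elsewhere so the example
 * still builds on other architectures (no speculation guarantee there). */
static inline void ssb_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("lfence" ::: "memory");
#else
    __asm__ volatile("" ::: "memory");
#endif
}

/* Mitigated: the load cannot issue until the store has been resolved,
 * so the speculative path can no longer observe the stale index. */
uint8_t lookup_fenced(size_t untrusted, size_t stale)
{
    size_t idx = stale;
    sanitize_index(&idx, untrusted);
    ssb_barrier();
    return table[idx];
}
```

Both functions return the same architectural result, which is exactly why this class of bug is invisible to functional testing and code review and has to be found by a tool working on the compiler's view of every store/load pair; the fence only constrains what may happen transiently before the store retires.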