Spectre Mitigation Added To GCC 8, Seeking Backport To GCC 7

Hitting the GCC 8 compiler Git/SVN code this Sunday morning are the changes needed compiler-side for CVE-2017-5715 / Spectre mitigation.

Veteran GNU toolchain developer H.J. Lu of Intel has committed the set of patches for introducing -mindirect-branch=, -mfunction-return= and -mindirect-branch-register for dealing with indirect branches from the compiler side and is also compiler features already used by the Linux kernel Retpoline patches when built with a supported compiler for full enforcement against Spectre vulnerabilities.

The set of Spectre mitigation patches for the GNU Compiler Collection (GCC) were accepted to mainline and will be part of GCC 8 with the GCC 8.1 stable release that will likely be due out around March. This is on top of many other changes/features of GCC 8.

Since merging these patches into GCC trunk, H.J. Lu is also looking to backport these additions to the existing GCC 7 code-base. He's already sent out another patch series of other prep changes needed to GCC 7 in order to land these Spectre changes there. This in turn could then appear with the GCC 7.3 release for those upgrading to new point releases of GCC7.