Table of Content
- Disclaimers
- Introduction
- Mitigating Bounds Check Bypass (Spectre Variant 1)
- Mitigating Branch Target Injection (Spectre Variant 2)
- How to Obtain the Latest Intel® C++ Compiler and Intel® Fortran Compiler
- Conclusion and Further Reading
Disclaimers
Intel technologies' features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at www.intel.com.
All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.
The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.
Intel provides these materials as-is, with no express or implied warranties.
Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
*Other names and brands may be claimed as the property of others.
Copyright © [2018], Intel Corporation. All rights reserved.
Introduction
Side channel methods are techniques that may allow an attacker to obtain secret or privileged information through observing the system that they would not normally be able to access, such as measuring microarchitectural properties about the system. For background information relevant to this article, refer to the overview in Intel Analysis of Speculative Execution Side Channels. This article describes Intel® C++ Compiler support and Intel® Fortran Compiler support for speculative execution side channel mitigations.
Mitigating Bounds Check Bypass (Spectre Variant 1)
Please read Intel's Analysis of Speculative Execution Side Channels for details, exploit conditions, and mitigations for the exploit known as bounds check bypass (Spectre variant 1).
One mitigation for Spectre variant 1 is through use of the LFENCE instruction. The LFENCE instruction does not execute until all prior instructions have completed locally, and no later instruction begins execution until LFENCE completes. _mm_lfence() is a compiler intrinsic or assembler inline that issues an LFENCE instruction and also ensures that compiler optimizations do not move memory references across that boundary. Inserting an LFENCE between a bounds check condition and memory loads helps ensure that the loads do not occur until the bounds check condition has actually been completed.
The Intel C++ Compiler and Intel Fortran Compiler both allow programmers to insert LFENCE instructions, which can be used to help mitigate bounds check bypass (Spectre variant 1).
LFENCE in C/C++
You can insert LFENCE instructions in a C/C++ program as shown in the example below:
#include <intrin.h>
#pragma intrinsic(_mm_lfence)
if (user_value >= LIMIT)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
else
{
_mm_lfence(); /* manually inserted by developer */
x = table[user_value];
node = entry[x];
}
LFENCE in Fortran
You can insert an LFENCE instruction in Fortran applications as shown in the example below.
Implement the following subroutine, which calls _mm_lfence() intrinsics:
interface
subroutine for_lfence() bind (C, name = "_mm_lfence")
!DIR$ attributes known_intrinsic, default :: for_lfence
end subroutine for_lfence
end interface
if (untrusted_index_from_user .le. iarr1%length) then
call for_lfence()
ival = iarr1%data(untrusted_index_from_user)
index2 = (IAND(ival,1)*z'100') + z'200'
if(index2 .le. iarr2%length)
ival2 = iarr2%data(index2)
endif
The LFENCE intrinsic is supported in the following Intel compilers:
- Intel C++ Compiler 8.0 and later for Windows*, Linux*, and macOS*
- Intel Fortran Compiler 8.0 and later for Windows, Linux and macOS
Mitigating Branch Target Injection (Spectre Variant 2)
Intel's whitepaper on Retpoline: A Branch Target Injection Mitigation discusses the details, exploit conditions, and mitigations for the exploit known as branch target injection (Spectre variant 2). While there are a number of possible mitigation techniques for this side channel method, the mitigation technique described in that document is known as retpoline, which is a technique employed by the Intel® C++ and Fortran compilers.
The Intel C++ and Fortran compilers have command line options that can be used to help mitigate branch target injection (Spectre variant 2). These options replace all indirect branches (calls/jumps) with the retpoline code sequence. The thunk-inline option inserts a full retpoline sequence at each indirect branch that needs mitigation. The thunk-extern option reduces code size by sharing the retpoline sequence.
The compiler options implemented are:
- -mindirect-branch=thunk-inline for Linux or macOS
- -mindirect-branch=thunk-extern for Linux or macOS
- /Qindirect-branch:thunk-inline for Windows
- /Qindirect-branch:thunk-extern for Windows
The command line option is included in the following Intel compilers:
- Intel® C++ Compiler 18.0 update 2 and later for Windows, Linux, and macOS
- Intel® Fortran Compiler 18.0 update 2 and later for Windows, Linux, and macOS
Refer to the Intel Compilers - Supported compiler versions article for updates on the availability of mitigation options in supported Intel Compilers.
How to Obtain the Latest Intel® C++ Compiler and Intel® Fortran Compiler
The Intel® C++ Compiler is distributed as part of the Intel® Parallel Studio XE and Intel® System Studio tool suites. The Intel® Fortran Compiler is distributed as part of Intel® Parallel Studio XE 2018. You can be downloaded these from the Intel Registration Center. Intel® Parallel Studio XE 2018 update 2 or later and Intel® System Studio 2018 update 1 or later contain support for retpoline. Refer to the Intel Compilers - Supported compiler versions article for updates on the availability of mitigation options in supported Intel Compilers.
Conclusion and Further Reading
Visit the Intel Press Room for the latest updates regarding the Spectre and Meltdown issues, and Intel’s Side Channel Security Support website for additional software-specific, up-to-date information. You can find more detailed explanations of Speculative Execution Side-Channel Mitigations and Intel’s Mitigation Overview for Potential Side-Channel Cache Exploits in Linux* on our Side-Channel Security Support website.
Refer to our support site for support options if you experience any issues.
Intel continues to work on improving Intel software development products for the identified security issues. We will continue to revise this article with Intel® C++ Compiler and Intel Fortran Compiler product updates as they become available.