cmd/compile: spectre options don't apply to dependent packages #40866
Labels
FrozenDueToAge
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Maybe I am holding things wrong, but it seems like the spectre mitigations are only applying to the main package, not the entire program? (Perhaps this only applies to retpoline, I haven't checked nospec indexing yet).
Below is a minimal repro. I initially discovered this when building a large application and finding repoline calls only in package main, where it is implausible that nothing else in the program would be eligible.
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Create a basic package structure: https://play.golang.org/p/QE_wQTBkQZ7
Build with spectre mitigations:
go build -gcflags=-spectre=all -asmflags=-spectre=all
What did you expect to see?
Retpoline calls on the calls to
fooer.Foo()
in main andbarrer.Bar()
inbar.CallBarrer()
.What did you see instead?
Retpoline calls only in package main.
cc @rsc
The text was updated successfully, but these errors were encountered: