Question
I want to see how the spectre mitigation flag solved a problem to convince my team that we need to add this flag to our large code base for upcoming projects.
I am searching for sample projects that have a spectre vulnerability that is resolved by adding a spectre mitigation flag introduced last week in Visual Studio 2017.
Can someone please help me in putting across a POC to demo to my larger team as to how the recently added support from Microsoft in Visual Studio overcomes the problem?
Here are the latest release notes from Microsoft for VS 2017.
Edit to question: August 23 2018
In pursuit of an answer, I tried the following code from the Microsoft Spectre Mitigation page:
    #include "stdafx.h"

    int G, G1, G2;

    __forceinline
    int * bar(int **p, int i)
    {
        return p[i];
    }

    __forceinline
    void bar1(int ** p, int i)
    {
        if (i < G1) {
            auto x = p[i]; // mitigation here
            G = *x;
        }
    }

    __forceinline
    void foo(int * p)
    {
        G = *p;
    }

    void baz(int ** p, int i)
    {
        if (i < G1) {
            foo(bar(p, i + G2));
        }
        bar1(p, i);
    }

    int main()
    {
        return 0;
    }
When I compile the code with the spectre mitigation flag enabled:
Project Properties > Configuration Properties > C/C++ > Spectre Mitigation > Enabled
Three additional changes also need to be done to incorporate this change:
- Change from /Od to /O2 in Optimization
Project Properties > Configuration Properties > C/C++ > Optimization > /O2
- Basic Run time Checks to Default
Project Properties > Configuration Properties > C/C++ > Code Generation > Basic Run time Checks > Default
- Added VC library directory to Linker path
Project Properties > Configuration Properties > Linker > General > Additional Library Directories > C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Tools\MSVC\14.15.26726\lib\x86
Note: instead of hardcoding the path like this (C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Tools\MSVC\14.15.26726\lib\x86), you can use a Visual Studio variable like this: $(VCToolsInstallDir)\lib\x86\
I get the following Output:
C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\VC\VCTargets\Microsoft.CppBuild.targets(402,5): warning MSB8038: Spectre mitigation is enabled but Spectre mitigated libraries are not found. Verify that the Visual Studio Workload includes the Spectre mitigated libraries. See https://aka.ms/Ofhn4c for more information.
I don't know what to do at this point. I get an output executable, but I want the Spectre mitigation feature to be testable. Please help me.
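For a large code base, the three project settings listed in the question can be checked per configuration straight from the project files. The following is an added example, not code from the original post or from Microsoft: the sample project is constructed, the function names are hypothetical, and `SpectreMitigation`, `Optimization` and `BasicRuntimeChecks` are the .vcxproj element names behind those property pages.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.microsoft.com/developer/msbuild/2003"}

# Constructed sample project (not from the post): Debug keeps the defaults,
# Release carries the three settings listed in the question.
SAMPLE_VCXPROJ = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration" />
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
    <SpectreMitigation>Spectre</SpectreMitigation>
  </PropertyGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
    </ClCompile>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <ClCompile>
      <Optimization>MaxSpeed</Optimization>
      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
    </ClCompile>
  </ItemDefinitionGroup>
</Project>"""

def config_name(el):
    # "'$(Configuration)|$(Platform)'=='Release|Win32'" -> "Release|Win32"
    return (el.get("Condition") or "all").split("==")[-1].strip("'")

def audit(vcxproj_text):
    """Return {configuration: [missing settings]} for one .vcxproj file."""
    root = ET.fromstring(vcxproj_text)
    found = {}
    for pg in root.findall("m:PropertyGroup[@Label='Configuration']", NS):
        found.setdefault(config_name(pg), {})["spectre"] = pg.findtext(
            "m:SpectreMitigation", default="", namespaces=NS)
    for idg in root.findall("m:ItemDefinitionGroup", NS):
        cfg = found.setdefault(config_name(idg), {})
        cfg["opt"] = idg.findtext("m:ClCompile/m:Optimization", default="", namespaces=NS)
        cfg["rtc"] = idg.findtext("m:ClCompile/m:BasicRuntimeChecks", default="", namespaces=NS)
    report = {}
    for name, cfg in found.items():
        checks = [  # (message, setting is as the question describes)
            ("Spectre Mitigation not Enabled", cfg.get("spectre") == "Spectre"),
            ("Optimization is not /O2", cfg.get("opt") == "MaxSpeed"),
            # an absent element is treated as Default (assumption)
            ("Basic Runtime Checks not Default", cfg.get("rtc") in (None, "", "Default")),
        ]
        report[name] = [msg for msg, ok in checks if not ok]
    return report
```

An empty list for a configuration means all three settings match the ones in the question; it says nothing about whether the Spectre-mitigated libraries are installed.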
Answer 1:
I modified VS 2017 Installer and compared my installation against the default selected items from the Microsoft page for Spectre Mitigation.
I had failed to notice the Individual Components Tab. In the tab I had missed some important dependencies, (thanks to @Retired Ninja). After installing that, the message stopped appearing in the build for spectre mitigation example.
However, I am still looking for a more concrete use case.
Answer 2:
The following article has an interesting discussion around the Spectre family of vulnerabilities, and provides sample code to test Visual Studio's mitigation techniques. Perhaps you can use some of this code to put together a concrete example (exploitation might be rather hard though).
https://www.paulkocher.com/doc/MicrosoftCompilerSpectreMitigation.html
Source: https://stackoverflow.com/questions/51941573/how-to-verify-if-the-spectre-mitigation-flag-used-in-visual-studio-2017-works-fo