{"id":25648,"date":"2020-03-13T01:15:17","date_gmt":"2020-03-13T01:15:17","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/cppblog\/?p=25648"},"modified":"2020-03-16T19:38:42","modified_gmt":"2020-03-16T19:38:42","slug":"more-spectre-mitigations-in-msvc","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/cppblog\/more-spectre-mitigations-in-msvc\/","title":{"rendered":"More Spectre Mitigations in MSVC"},"content":{"rendered":"<p>In a previous blog post, Microsoft <a href=\"https:\/\/devblogs.microsoft.com\/cppblog\/spectre-mitigations-in-msvc\/\">described the Spectre mitigations<\/a> available under <code>\/Qspectre<\/code>. These mitigations, while not significantly impacting performance, do not protect against all possible speculative load attacks, described in industry research as <a href=\"https:\/\/lviattack.eu\/\">Load Value Injection<\/a>. We are now adding two new switches, <code>\/Qspectre-load<\/code> and <code>\/Qspectre-load-cf<\/code>, to provide customers with a more complete mitigation of <a href=\"https:\/\/spectreattack.com\/spectre.pdf\">Spectre attacks<\/a> based on loads. These switches are only available on x86 and x64 platforms.<\/p>\n<h2>What do the new switches do?<\/h2>\n<p>The <a href=\"https:\/\/docs.microsoft.com\/en-us\/cpp\/build\/reference\/qspectre-load\"><code>\/Qspectre-load<\/code> flag<\/a> directs the compiler to generate serializing instructions for every load instruction. For most loads, this entails adding an <code>LFENCE<\/code> instruction after the load instruction. However, for control flow instructions, this approach does not work. In most cases, the instruction can be split into the load and control flow, so an <code>LFENCE<\/code> can be inserted after the load. 
When this is not possible, such as for <code>jmp [rax]<\/code>, the compiler uses an alternate mitigation strategy, loading the target non-destructively before inserting an <code>LFENCE<\/code> as follows:<\/p>\n<pre class=\"lang:default decode:true\">xor rbx, [rax]   ; load the jump target and XOR it into rbx\r\nxor rbx, [rax]   ; XOR the same value again, restoring rbx\r\nlfence           ; later instructions wait until the loads above have completed\r\njmp [rax]        ; indirect jump through the same memory location<\/pre>\n<p>The <a href=\"https:\/\/docs.microsoft.com\/en-us\/cpp\/build\/reference\/qspectre-load-cf\"><code>\/Qspectre-load-cf<\/code> flag<\/a> provides a subset of this behavior, only protecting control flow instructions: <code>JMP<\/code>, <code>RET<\/code>, and <code>CALL<\/code>.<\/p>\n<p>If there are performance-critical blocks of code that do not require protection, then you can disable these mitigations using <code>__declspec(spectre(nomitigation))<\/code>. As these switches stop speculation of all loads, the performance impact is very high, so this mitigation is not appropriate everywhere.<\/p>\n<h2>What versions of MSVC support the \/Qspectre-load and \/Qspectre-load-cf switches?<\/h2>\n<p>These switches are available starting in Visual Studio 16.5 Preview 3 and will be available in MSVC toolsets included in all future releases of Visual Studio (including Previews). They have also been released in all currently supported versions of Visual Studio 2017 and 2019 as follows:<\/p>\n<ul>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/visualstudio\/releasenotes\/vs2017-relnotes#15.9.21\">Visual Studio 15.9<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/visualstudio\/releases\/2019\/release-notes-v16.0#16.0.12\">Visual Studio 16.0<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/visualstudio\/releases\/2019\/release-notes-v16.4#16.4.6\">Visual Studio 16.4<\/a><\/li>\n<\/ul>\n<h2>How do I enable this?<\/h2>\n<p>Starting from Visual Studio 2019 version 16.5 Preview 3, developers can use these new Spectre mitigation options. 
To enable either new flag, select the flag you want from \u201cSpectre Mitigation\u201d under the \u201cCode Generation\u201d section of the project Property Pages:<\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25555\" src=\"https:\/\/devblogs.microsoft.com\/cppblog\/wp-content\/uploads\/sites\/9\/2020\/02\/word-image.png\" alt=\"Screencap of the Spectre Mitigation option in the project properties.\" width=\"1172\" height=\"775\" srcset=\"https:\/\/devblogs.microsoft.com\/cppblog\/wp-content\/uploads\/sites\/9\/2020\/02\/word-image.png 1172w, https:\/\/devblogs.microsoft.com\/cppblog\/wp-content\/uploads\/sites\/9\/2020\/02\/word-image-300x198.png 300w, https:\/\/devblogs.microsoft.com\/cppblog\/wp-content\/uploads\/sites\/9\/2020\/02\/word-image-1024x677.png 1024w, https:\/\/devblogs.microsoft.com\/cppblog\/wp-content\/uploads\/sites\/9\/2020\/02\/word-image-768x508.png 768w\" sizes=\"(max-width: 1172px) 100vw, 1172px\" \/><\/p>\n<p>Your feedback is key to delivering the best experience. If you have any questions, please feel free to ask us below. You can also send us your comments through <a href=\"mailto:visualcpp@microsoft.com\" target=\"_blank\" rel=\"noopener noreferrer\">e-mail<\/a>. If you encounter problems with the experience or have suggestions for improvement, please\u202f<a href=\"https:\/\/docs.microsoft.com\/en-us\/visualstudio\/ide\/how-to-report-a-problem-with-visual-studio?view=vs-2019\" target=\"_blank\" rel=\"noopener noreferrer\">Report A Problem<\/a>\u202for reach out via\u202f<a href=\"https:\/\/developercommunity.visualstudio.com\/spaces\/62\/index.html\" target=\"_blank\" rel=\"noopener noreferrer\">Developer Community<\/a>. You can also find us on Twitter\u202f<a href=\"https:\/\/twitter.com\/visualc\" target=\"_blank\" rel=\"noopener noreferrer\">@VisualC<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a previous blog post, Microsoft described the Spectre mitigations available under \/Qspectre. 
These mitigations, while not significantly impacting performance, do not protect against all possible speculative load attacks, described in industry research as Load Value Injection. We are now adding two new switches \/Qspectre-load and \/Qspectre-load-cf to provide a more complete mitigation of Spectre [&hellip;]<\/p>\n","protected":false},"author":1067,"featured_media":35994,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-25648","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cplusplus"],"acf":[],"blog_post_summary":"<p>In a previous blog post, Microsoft described the Spectre mitigations available under \/Qspectre. These mitigations, while not significantly impacting performance, do not protect against all possible speculative load attacks, described in industry research as Load Value Injection. We are now adding two new switches \/Qspectre-load and \/Qspectre-load-cf to provide a more complete mitigation of Spectre 
[&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts\/25648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/users\/1067"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/comments?post=25648"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts\/25648\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/media\/35994"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/media?parent=25648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/categories?post=25648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/tags?post=25648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}