On Sun, Jan 14, 2018 at 4:42 AM, Jan Hubicka <hubi...@ucw.cz> wrote: >> On Sun, Jan 14, 2018 at 11:40 AM, Jan Hubicka <hubi...@ucw.cz> wrote: >> >> Hi HJ, >> >> >> >> > -----Original Message----- >> >> > From: gcc-patches-ow...@gcc.gnu.org [mailto:gcc-patches- >> >> > ow...@gcc.gnu.org] On Behalf Of H.J. Lu >> >> > Sent: Sunday, January 14, 2018 9:07 AM >> >> > To: gcc-patches@gcc.gnu.org >> >> > Subject: [PATCH 0/5] x86: CVE-2017-5715, aka Spectre >> >> > >> >> > This set of patches for GCC 8 mitigates variant #2 of the speculative >> >> > execution vulnerabilities on x86 processors identified by >> >> > CVE-2017-5715, aka >> >> > Spectre. They convert indirect branches and function returns to call >> >> > and >> >> > return thunks to avoid speculative execution via indirect call, jmp and >> >> > ret. >> >> > >> >> > H.J. Lu (5): >> >> > x86: Add -mindirect-branch= >> >> > x86: Add -mfunction-return= >> >> > x86: Add -mindirect-branch-register >> >> > x86: Add 'V' register operand modifier >> >> > x86: Disallow -mindirect-branch=/-mfunction-return= with >> >> > -mcmodel=large >> >> >> >> Current set of patches don't seem to have any option to generate "lfence" >> >> as the loop filler in "retpoline", which is required by AMD. >> >> Can you please clarify the plan. We would like to get this checked-in GCC >> >> 8. >> > >> > Since thunks are output as strings, it is easy to add the option >> > on the top of patch #1 of the series. I do not fully understand >> > the reason for choosing pause over lfence for Intel, but if we need >> > to do both, we need to have command line option (and possibly attribute). >> > What would be reasonable name for it? >> >> Looking at the kernel patch [1], the loop filler should be >> "pause;lfence" sequence, and should be universally accepted for Intel >> and AMD targets. >> >> [1] https://www.spinics.net/lists/kernel/msg2697507.html > > Yep, I would say we should go with pause;lfence now and see if we want to add > argument > eventually. > HJ, does it sound OK?
Yes, I am checking a patch to default to "pause; lfence". -- H.J.
