On 01/07/2018 11:59 PM, H.J. Lu wrote: > Function return thunk is the same as memory thunk for -mindirect-branch= > where the return address is at the top of the stack: > > __x86_return_thunk: > call L2 > L1: > lfence > jmp L1 > L2: > lea 8(%rsp), %rsp|lea 4(%esp), %esp > ret > > and function return becomes > > jmp __x86_return_thunk
Hello. Can you please explain more usage of the option? Is to prevent a speculative execution of 'ret' instruction (which is an indirect call), as described in [1]? The paper mentions that return stack predictors are commonly implemented in some form. Looks that current version of Linux patches does not use the option. Thanks, Martin [1] https://support.google.com/faqs/answer/7625886
