On Sun, Jan 14, 2018 at 6:20 AM, Jan Hubicka <hubi...@ucw.cz> wrote: >> > Hi HJ, >> > >> > > -----Original Message----- >> > > From: gcc-patches-ow...@gcc.gnu.org [mailto:gcc-patches- >> > > ow...@gcc.gnu.org] On Behalf Of H.J. Lu >> > > Sent: Sunday, January 14, 2018 9:07 AM >> > > To: gcc-patches@gcc.gnu.org >> > > Subject: [PATCH 0/5] x86: CVE-2017-5715, aka Spectre >> > > >> > > This set of patches for GCC 8 mitigates variant #2 of the speculative >> > > execution vulnerabilities on x86 processors identified by CVE-2017-5715, >> > > aka >> > > Spectre. They convert indirect branches and function returns to call and >> > > return thunks to avoid speculative execution via indirect call, jmp and >> > > ret. >> > > >> > > H.J. Lu (5): >> > > x86: Add -mindirect-branch= >> > > x86: Add -mfunction-return= >> > > x86: Add -mindirect-branch-register >> > > x86: Add 'V' register operand modifier >> > > x86: Disallow -mindirect-branch=/-mfunction-return= with >> > > -mcmodel=large >> > >> > Current set of patches don't seem to have any option to generate "lfence" >> > as the loop filler in "retpoline", which is required by AMD. >> > Can you please clarify the plan. We would like to get this checked-in GCC >> > 8. >> >> Since thunks are output as strings, it is easy to add the option >> on the top of patch #1 of the series. I do not fully understand >> the reason for choosing pause over lfence for Intel, but if we need >> to do both, we need to have command line option (and possibly attribute). >> What would be reasonable name for it? > > I forgot there is -mindirect-branch-loop for that in the original patchset. > So for now we should be happy with having both lfence and pause in there > or do we still need it? >
I suggest we leave it out for the time being. -- H.J.
