Re: [PATCH 0/5] x86: CVE-2017-5715, aka Spectre

[Jan Hubicka <hubicka at ucw dot cz>]

> Hi HJ, 
> 
> > -----Original Message-----
> > From: gcc-patches-owner@gcc.gnu.org [mailto:gcc-patches-
> > owner@gcc.gnu.org] On Behalf Of H.J. Lu
> > Sent: Sunday, January 14, 2018 9:07 AM
> > To: gcc-patches@gcc.gnu.org
> > Subject: [PATCH 0/5] x86: CVE-2017-5715, aka Spectre
> > 
> > This set of patches for GCC 8 mitigates variant #2 of the speculative
> > execution vulnerabilities on x86 processors identified by CVE-2017-5715, aka
> > Spectre.  They convert indirect branches and function returns to call and
> > return thunks to avoid speculative execution via indirect call, jmp and ret.
> > 
> > H.J. Lu (5):
> >   x86: Add -mindirect-branch=
> >   x86: Add -mfunction-return=
> >   x86: Add -mindirect-branch-register
> >   x86: Add 'V' register operand modifier
> >   x86: Disallow -mindirect-branch=/-mfunction-return= with
> >     -mcmodel=large
> 
> Current set of patches don't seem to have any option to generate "lfence" as the loop filler in "retpoline",  which is required by AMD.
> Can you please clarify the plan. We would like to get this checked-in GCC 8.   

Since thunks are output as strings, it is easy to add the option
on the top of patch #1 of the series.  I do not fully understand
the reason for choosing pause over lfence for Intel, but if we need
to do both, we need to have command line option (and possibly attribute).
What would be reasonable name for it?

Honza