On Mon, 2018-01-08 at 09:20 +0100, Florian Weimer wrote:
> * H. J. Lu:
>
> > Add -mindirect-branch-loop= option to control loop filler in call and
> > return thunks generated by -mindirect-branch=. 'lfence' uses "lfence"
> > as loop filler. 'pause' uses "pause" as loop filler. 'nop' uses "nop"
> > as loop filler. The default is 'lfence'.
>
> Why is the loop needed? Doesn't ud2 or cpuid stop speculative
> execution?
The idea is not to stop it per se, but to capture it. We trick the speculative execution into *thinking* it's going to return back to that endless loop, which prevents it from doing the branch prediction which would otherwise have got into trouble. There has been a fair amount of bikeshedding of precisely what goes in there already, and '1: pause; jmp 1b' is the best option that hasn't been shot down in flames by the CPU architects.

HJ, do we still actually need the options for lfence and nop? I thought those were originally just for testing and could possibly be dropped now? Not that I care for Linux since I'm providing my own external thunk anyway...
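As an added example (not code from this thread, nor GCC's generated thunks), the following C program routes an indirect call through a hand-written retpoline thunk whose capture loop uses the 'pause; jmp' filler discussed above. The thunk name and helper functions are hypothetical; the inline assembly assumes x86-64 GCC/Clang on an ELF target, and falls back to a plain indirect call elsewhere.

```c
#include <stdio.h>

typedef int (*handler_fn)(int);

static int double_it(int x) { return 2 * x; }
static int negate_it(int x) { return -x; }

#if defined(__x86_64__) && defined(__GNUC__) && defined(__ELF__)
/* Hypothetical thunk name; GCC's own thunks are named differently.
 * 'call 1f' pushes the address of the capture loop, so the return
 * predictor is trained to expect a return into 'pause; jmp 2b'.
 * The real target (held in %rax) then overwrites that return address
 * and 'ret' transfers control there architecturally; any speculation
 * down the predicted path spins in the loop instead of consuming a
 * potentially poisoned indirect-branch prediction. */
__asm__(
    ".text\n"
    "example_retpoline_rax:\n"
    "    call 1f\n"
    "2:  pause\n"             /* loop filler: the 'pause' variant */
    "    jmp 2b\n"            /* speculation is captured here */
    "1:  mov %rax, (%rsp)\n"  /* replace return address with real target */
    "    ret\n");

/* Call fn(arg) through the thunk instead of a bare 'call *%rax'. */
static int call_via_retpoline(handler_fn fn, int arg)
{
    int result;
    long arg_reg = arg;           /* first integer argument goes in %rdi */
    __asm__ volatile(
        "sub $128, %%rsp\n"       /* step over the red zone before pushing */
        "call example_retpoline_rax\n"
        "add $128, %%rsp\n"
        : "=a"(result), "+D"(arg_reg)
        : "a"(fn)
        : "rcx", "rdx", "rsi", "r8", "r9", "r10", "r11", "memory", "cc");
    return result;
}
#else
/* Other targets: plain indirect call, so the file still builds and runs. */
static int call_via_retpoline(handler_fn fn, int arg) { return fn(arg); }
#endif

int main(void)
{
    printf("%d %d\n", call_via_retpoline(double_it, 21),
                      call_via_retpoline(negate_it, 5));
    return 0;
}
```

Disassembling the binary shows the indirect transfer as a direct call into the thunk plus a 'ret', which is what the compiler option above does for every indirect call and jump.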