On Fri, 2018-01-12 at 19:07 -0600, Tom Lendacky wrote: > The pause instruction is currently used in the retpoline and RSB filling > macros as a speculation trap.  The use of pause was originally suggested > because it showed a very, very small difference in the amount of > cycles/time used to execute the retpoline as compared to lfence.  On AMD, > the pause instruction is not a serializing instruction, so the pause/jmp > loop will use excess power as it is speculated over waiting for return > to mispredict to the correct target. > > The RSB filling macro is applicable to AMD, and, if software is unable to > verify that lfence is serializing on AMD (possible when running under a > hypervisor), the generic retpoline support will be used and, so, is also > applicable to AMD.  Change the use of pause to lfence. > > Signed-off-by: Tom Lendacky Conditionally-Acked-by: David Woodhouse The condition being, as noted, that I'd really like to see it acked by Arjan/Asit and Paul. > --- >  arch/x86/include/asm/nospec-branch.h |   10 +++++----- >  1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h > index 402a11c..2c4a09a 100644 > --- a/arch/x86/include/asm/nospec-branch.h > +++ b/arch/x86/include/asm/nospec-branch.h > @@ -11,7 +11,7 @@ >   * Fill the CPU return stack buffer. >   * >   * Each entry in the RSB, if used for a speculative 'ret', contains an > - * infinite 'pause; jmp' loop to capture speculative execution. > + * infinite 'lfence; jmp' loop to capture speculative execution. >   * >   * This is required in various cases for retpoline and IBRS-based >   * mitigations for the Spectre variant 2 vulnerability. Sometimes to > @@ -37,12 +37,12 @@ >  771: \ >   call 772f; \ >  773: /* speculation trap */ \ > - pause; \ > + lfence; \ >   jmp 773b; \ >  772: \ >   call 774f; \ >  775: /* speculation trap */ \ > - pause; \ > + lfence; \ >   jmp 775b; \ >  774: \ >   dec reg; \ > @@ -72,7 +72,7 @@ >  .macro RETPOLINE_JMP reg:req >   call .Ldo_rop_\@ >  .Lspec_trap_\@: > - pause > + lfence >   jmp .Lspec_trap_\@ >  .Ldo_rop_\@: >   mov \reg, (%_ASM_SP) > @@ -164,7 +164,7 @@ >   "       jmp    904f;\n" \ >   "       .align 16\n" \ >   "901: call   903f;\n" \ > - "902: pause;\n" \ > + "902: lfence;\n" \ >   "       jmp    902b;\n" \ >   "       .align 16\n" \ >   "903: addl   $4, %%esp;\n" \ > >