Add a flag to the x86 Speculative Execution Side Effect Suppression Pass
that allows users to turn off adding LFENCEs in basic blocks with no
loads.
This is a part of a set of flags that can be used to experiment with
optimizing this mitigation for Load Value Injection.
One pager on Load Value Injection:
https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
Deep dive on Load Value Injection:
https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
Results of my performance testing
I ran the BoringSSL benchmarks which run many cryptographic operations
and reports the number of operations per second completed in a given
time.
Modified Mitigation vs Baseline
Geometric mean
0.073 (This can be read as the geomean ops/s of the mitigated program
was 7.3% of the ops/s of the unmitigated program. Similar below.)
Minimum
0.041
Quartile 1
0.060
Median
0.066
Quartile 3
0.081
Maximum
0.234
Fully Mitigated vs Baseline
Geometric mean
0.071
Minimum
0.041
Quartile 1
0.060
Median
0.063
Quartile 3
0.077
Maximum
0.230
nit: please wrap at 80cols, potentially by "splitting the" " string"