Add a flag to the x86 Speculative Execution Side Effect Suppression Pass
that allows users to turn off LFENCEing data invariant instructions.
Note that the list currently used by this flag does not include
information about vector instructions. That information can be added in
the future with no issues. The fact that those instructions have not been
added to this list means that it's also likely that the improvements
shown in the following performance data are understated.
This is a part of a set of flags that can be used to experiment with
optimizing this mitigation for Load Value Injection.
One pager on Load Value Injection:
https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
Deep dive on Load Value Injection:
https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
Performance Testing Results
I ran the BoringSSL benchmarks, which run many cryptographic operations
and report the number of operations per second completed in a given
time.
Modified Mitigation vs Baseline
  Geometric mean: 0.129 (This can be read as the geomean ops/s of the mitigated program
  was 12.9% of the ops/s of the unmitigated program. Similar below.)
  Minimum: 0.058
  Quartile 1: 0.104
  Median: 0.112
  Quartile 3: 0.139
  Maximum: 0.459
Fully Mitigated vs Baseline
  Geometric mean: 0.071
  Minimum: 0.041
  Quartile 1: 0.060
  Median: 0.063
  Quartile 3: 0.077
  Maximum: 0.230
Don't the instructions that match isDataInvariantLoad still pull things into the cache?