Clear Linux Rolls Out KPTI Page Isolation & Retpoline Support
Clear Linux 20240, today's latest update to the rolling-release distribution, adds Meltdown and Spectre protection. The Meltdown protection comes from pulling in the Linux 4.14.12 kernel and enabling the CONFIG_PAGE_TABLE_ISOLATION Kconfig switch for KPTI support.
To deal with the Spectre issue, they have patched their kernel with the Retpoline patches. Additionally, they have patched their GCC 7.2 compiler with the new switches added for Retpoline to fend off branch target injection attacks. They have been quick to integrate these patches: most other distributions are not yet pulling in the currently out-of-tree Retpoline patches.
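A check an administrator could run after such an update, added here as an example that is not from the original article or the Clear Linux project: it reads a kernel config file for the two build switches, then looks for boot parameters that turn the mitigations back off. `CONFIG_RETPOLINE` and the `nopti`, `pti=off`, `nospectre_v2` and `spectre_v2=off` parameters are the mainline kernel's names and are assumed to apply to the patched 4.14.12 kernel; the sample config and command line are constructed.

```shell
#!/bin/sh
# kconfig_state FILE SYMBOL -> "y" (built in), "off" (explicitly not set)
# or "absent" (symbol unknown to this kernel, e.g. an unpatched tree).
kconfig_state() {
    if grep -q "^$2=y\$" "$1"; then
        echo y
    elif grep -q "^# $2 is not set\$" "$1"; then
        echo off
    else
        echo absent
    fi
}

# cmdline_has CMDLINE WORD... -> success if any boot parameter equals a WORD.
cmdline_has() {
    cmdline=$1; shift
    for param in $cmdline; do
        for word in "$@"; do
            if [ "$param" = "$word" ]; then return 0; fi
        done
    done
    return 1
}

# mitigation_status CONFIG_FILE CMDLINE -> "kpti=<state> retpoline=<state>"
# A switch compiled in but disabled on the command line is reported as such.
# Parameter names are the mainline ones (assumption for the patched kernel).
mitigation_status() {
    kpti=$(kconfig_state "$1" CONFIG_PAGE_TABLE_ISOLATION)
    retp=$(kconfig_state "$1" CONFIG_RETPOLINE)
    if [ "$kpti" = y ] && cmdline_has "$2" nopti pti=off; then
        kpti=disabled-at-boot
    fi
    if [ "$retp" = y ] && cmdline_has "$2" nospectre_v2 spectre_v2=off; then
        retp=disabled-at-boot
    fi
    echo "kpti=$kpti retpoline=$retp"
}

# Constructed sample input, not taken from a real Clear Linux build.
demo() {
    cfg=$(mktemp)
    printf '%s\n' 'CONFIG_PAGE_TABLE_ISOLATION=y' \
                  '# CONFIG_RETPOLINE is not set' > "$cfg"
    mitigation_status "$cfg" 'root=/dev/sda2 quiet nopti'
    rm -f "$cfg"
}
demo   # prints: kpti=disabled-at-boot retpoline=off
```

On a live system the second argument would be the contents of `/proc/cmdline` and the first the config file shipped with the running kernel.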
So with these GCC and Linux kernel updates, they should be squared away with KPTI and Retpoline. I will be firing up some benchmarks (complementing the data also available from LinuxBenchmarking.com) of the latest Clear Linux, though, out of curiosity about how it affects the distribution's performance and whether the Intel developers behind this performance-optimized distribution have managed any engineering achievements yet to offset any losses from the I/O overhead, shown in our benchmarks so far to be the biggest consequence of KPTI+Retpoline. At least going into it, Clear Linux has still generally performed the best of recent Linux distributions when using modern x86_64 hardware, but there will be some fresh benchmarks coming up soon of all the major Spectre/Meltdown-patched distributions on various systems.
Update: Before/after benchmarks of these patches on Clear Linux can now be found in these test results.