Linux Prepares Straight Line Speculation "SLS" Mitigation For x86/x86_64 CPUs

Written by Michael Larabel in GNU on 18 November 2021 at 03:00 AM EST. 1 Comment
GNU
Last month I reported on activity around Straight Line Speculation "SLS" mitigation for x86_64 CPUs, similar to the work carried out by Arm last year on their SLS vulnerability. That work on the x86 (x86_64 inclusive) side has now been merged to GCC 12 Git and a kernel patch is expected to come shortly that will flip it on as the latest CPU security protection.

Prior to a few weeks ago, much of the Straight Line Speculation talk was in reference to mitigating on Arm with GCC and LLVM/Clang having already merged their mitigation. But now there has been increasing x86_64 activity culminating with the GNU Compiler Collection support being merged on Wednesday.

The merged change introduces the -mharden-sls= option for x86_64 and includes values of none, all, return, or indirect-branch. The behavior mitigates against straight-line speculation of speculatively executing instructions linearly in memory past an unconditional change in control flow. The mitigation is handled by adding an INT3 instruction after function returns and indirect branches.

There was already a Linux kernel patch proposed to make use of this compiler SLS hardening option where available. In the GCC bug comments it's mentioned a new patch is expected to be posted soon (now that the GCC patch is merged) with a proposal to use the option for all RETPOLINE-enabled kernel builds. In turn this would effectively see the option enabled for most kernel builds out there as far as production OS vendor kernel builds are concerned, assuming the patch is accepted. We'll see though if more discussions over x86_64 SLS real-world impact or new disclosures come up soon given the recent industry developer interest.


GCC 12 adds the Straight Line Speculation mitigation for Intel / AMD (x86/x86_64) CPUs.


The GCC 12.1 stable compiler release with this new "-mharden-sls=" option should see its stable release around April if GNU compiler trends hold true. I'll be running some benchmarks soon to confirm any performance impact around this compiler option and the Linux kernel builds at least and potentially other relevant software.
1 Comment
Related News
Patches Posted For Review Adding COBOL Frontend To GCC Compiler
Glibc 2.41 Adds C23's sinpi / cospi / tanpi Functions
GCC 15 Ends Support For Altera Nios II Embedded Processors
GNU Linux-libre 6.12-gnu Continues Dealing With More Blobs In The Kernel
GCC 15 Compiler Development Shifts From Features To Bug Fixing
GCC 15 Moves C Default Language Version To C23
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features