Intel Prepares "Enhanced IBRS" As Better Spectre V2 Protection For Future CPUs
An Intel engineer has today published a patch providing support for enhanced IBRS within the Linux kernel, which aims to provide better Spectre Variant Two protection by default with future generations of Intel CPUs.
The Enhanced IBRS (Indirect Branch Restricted Speculation) is simpler from the software perspective while also being able to yield greater performance than the basic IBRS method offered for current x86 CPUs.
Intel's public documentation explains, "With enhanced IBRS, the predicted targets of indirect branches executed cannot be controlled by software that was executed in a less privileged predictor mode or on another logical processor. As a result, software operating on a processor with enhanced IBRS need not use WRMSR to set IA32_SPEC_CTRL.IBRS after every transition to a more privileged predictor mode. Software can isolate predictor modes effectively simply by setting the bit once. Software need not disable enhanced IBRS prior to entering a sleep state such as MWAIT or HLT.]"
This basic patch adapts the existing Linux x86 speculation code for Enhanced IBRS and -- for capable CPUs -- enables it by default for Spectre V2 mitigation instead of Retpolines. But it remains to be seen when Intel will launch a processor with "Enhanced IBRS" there has been some speculation that Intel may have this ready within approximately one year. The kernel patch can be found here and might make it into the Linux 4.19 merge window.
The Enhanced IBRS (Indirect Branch Restricted Speculation) is simpler from the software perspective while also being able to yield greater performance than the basic IBRS method offered for current x86 CPUs.
Intel's public documentation explains, "With enhanced IBRS, the predicted targets of indirect branches executed cannot be controlled by software that was executed in a less privileged predictor mode or on another logical processor. As a result, software operating on a processor with enhanced IBRS need not use WRMSR to set IA32_SPEC_CTRL.IBRS after every transition to a more privileged predictor mode. Software can isolate predictor modes effectively simply by setting the bit once. Software need not disable enhanced IBRS prior to entering a sleep state such as MWAIT or HLT.]"
This basic patch adapts the existing Linux x86 speculation code for Enhanced IBRS and -- for capable CPUs -- enables it by default for Spectre V2 mitigation instead of Retpolines. But it remains to be seen when Intel will launch a processor with "Enhanced IBRS" there has been some speculation that Intel may have this ready within approximately one year. The kernel patch can be found here and might make it into the Linux 4.19 merge window.
26 Comments