SESES Speculative Execution Pass Lands In LLVM With "Extreme Performance Implications"

Written by Michael Larabel in LLVM on 11 May 2020 at 05:36 PM EDT. 12 Comments
LLVM
The Google-backed SESES pass for LLVM to help fend off speculative execution vulnerabilities has been merged for LLVM 11, but in opting to enable this patch you lose much of your system's performance.

SESES was shown back in March by Google engineer Zola Bridges following the public disclosure of the Load Value Injection attack affecting Intel CPUs. SESES is an optional pass for LLVM on x86-based platforms for "Speculative Execution Side Effect Suppression" and is intended as a last resort for mitigating against the likes of LVI and other possible speculative execution side channel vulnerabilities.

SESES though is downright bloody and brutal to performance. This LLVM pass adds a load fence (LFENCE) instruction before each memory read instruction, memory write instruction, and the first branch instruction in a group of terminators at the end of a basic block. This is great for fending off vulnerabilities, but absolutely slaughters the performance.

In Zola Bridges' own test using Google's BoringSSL implementation, SESES'ed performance was just 7% that of the original speed. Yes, over a 90% hit to the performance.


Given the tremendous performance ramifications from this pass, even though it's opt-in it wasn't clear if it would be merged. Since the March discussion over it, finally today the patch was merged. SESES will now be available for those who want it in LLVM 11.

On the GNU side, you can see our GNU LVI mitigation impact testing while I will take LLVM SESES for a whirl soon.
12 Comments
Related News
LLVM's BOLT Being Adapted To Analyze Security Hardening Of Binaries
LLVM/Clang 18.1 Released With Intel AVX10.1 Work, Adds Clearwater Forest & Panther Lake
Meta Continues Working On BOLT'ing The Linux Kernel For Greater Performance
LLVM/Clang Can Work Fine As A GCC Replacement For Linux Distributions
LLVM 18.1-rc1 Released For Enabling New Intel CPU Features, More C23 & C++23
Autocheck To Check If Your C++ Code Is Safe For Automobiles & Safety Critical Systems
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Systemd 256-rc1 Brings A Huge Number Of New Features
NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver
Microsoft Open-Sources MS-DOS 4.0 Under MIT License
Ubuntu 24.04 LTS Downloads Now Available
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance
Niri 0.1.5 Scrollable-Tiling Wayland Compositor Adds New Animations