Spectre / Meltdown Code Gets Cleaned Up, Improvements For Linux 4.16
After the page table isolation (K)PTI support was added late in the Linux 4.15 kernel cycle in light of the Meltdown CPU vulnerability, improvements to this code are on the way with Linux 4.16.
Thomas Gleixner who has been doing a significant effort to get the Linux kernel's page table isolation support in order sent out the pull request today of the "PTI" updates for the Linux 4.16 merge window. As part of the PTI tree are also some Retpoline updates as part of the continued work in addressing the Spectre vulnerability too.
For existing code from last cycle there has been some cleanups and simplifications to some areas, including the Retpolines work. The indirect calls for KVM have also been made speculation-safe. Besides AMD CPUs that are marked as safe from Meltdown, some older Intel Atom CPUs (Family 4 / 5) are also now deemed safe and do not enable PTI support. A new CPID flag is being worked on for telling the kernel it is not affected by Meltdown.
This pull request also prepares for Indirect Branch Prediction Barrier (IBPB) support but does not yet actually land it as part of today's pull request. IBPB is part of the CPU microcode based approach for mitigating Spectre. There are also preparations for exposing Speculation Control MSRs to guests, but again this code is currently work-in-progress.
We will see what other Spectre/Meltdown-related code gets queued up for Linux 4.16 as we move forward with this kernel cycle having just kicked off last night. This pull request has the initial change-log of this work for Linux 4.16, some of which may end up being backported to stable series, but we'll wait and see.
Thomas Gleixner who has been doing a significant effort to get the Linux kernel's page table isolation support in order sent out the pull request today of the "PTI" updates for the Linux 4.16 merge window. As part of the PTI tree are also some Retpoline updates as part of the continued work in addressing the Spectre vulnerability too.
For existing code from last cycle there has been some cleanups and simplifications to some areas, including the Retpolines work. The indirect calls for KVM have also been made speculation-safe. Besides AMD CPUs that are marked as safe from Meltdown, some older Intel Atom CPUs (Family 4 / 5) are also now deemed safe and do not enable PTI support. A new CPID flag is being worked on for telling the kernel it is not affected by Meltdown.
This pull request also prepares for Indirect Branch Prediction Barrier (IBPB) support but does not yet actually land it as part of today's pull request. IBPB is part of the CPU microcode based approach for mitigating Spectre. There are also preparations for exposing Speculation Control MSRs to guests, but again this code is currently work-in-progress.
We will see what other Spectre/Meltdown-related code gets queued up for Linux 4.16 as we move forward with this kernel cycle having just kicked off last night. This pull request has the initial change-log of this work for Linux 4.16, some of which may end up being backported to stable series, but we'll wait and see.
11 Comments