Linux 5.1 Landing Feature For Reducing Scope Of Spectre V4 Speculation Protection

Back in January, when the work around PR_SPEC_DISABLE_NOEXEC was initially queued up in the x86/pti working tree, I wrote about it in more detail. See "Linux Kernel Getting New Option So SSBD Isn't Over-Protective - Helping Performance". Now that the Linux 5.1 merge window is open, this pull request has been submitted for landing in the mainline kernel.
The motivation for adding this option is use cases like Java, where speculation protections are enabled for JVMs but new processes launched from there don't need this protection themselves, so they lose performance to unnecessary overhead outside of the core virtual machine itself. That is now possible to avoid, as user-space software can begin opting to use PR_SPEC_DISABLE_NOEXEC where safe to do so.
This new flag is the only addition for the x86/pti Spectre/Meltdown area with the Linux 5.1 merge window.
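The opt-in described above, as an added example that is not code from the kernel patch or from this article: a C program requests the store-bypass mitigation with PR_SPEC_DISABLE_NOEXEC, then re-executes itself to show that the kernel clears the state on execve(). The names `ssb_describe` and `ssb_request_noexec` are illustrative, and the code assumes a Linux system whose headers already provide PR_SET_SPECULATION_CTRL.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>

/* Fallback for headers that predate Linux 5.1 (value from uapi prctl.h). */
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif

/* Decode the PR_GET_SPECULATION_CTRL result for PR_SPEC_STORE_BYPASS. */
const char *ssb_describe(long st)
{
    if (st < 0)                      return "query failed";
    if (st & PR_SPEC_FORCE_DISABLE)  return "mitigated, locked";
    if (st & PR_SPEC_DISABLE_NOEXEC) return "mitigated until execve";
    if (st & PR_SPEC_DISABLE)        return "mitigated across execve";
    if (st & PR_SPEC_ENABLE)         return "not mitigated";
    return "not affected";
}

/* Request SSBD for this task until its next execve(); returns 0 or -errno. */
int ssb_request_noexec(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS,
              PR_SPEC_DISABLE_NOEXEC, 0UL, 0UL) == -1)
        return -errno;   /* e.g. EINVAL before 5.1, ENXIO without prctl control */
    return 0;
}

int main(int argc, char **argv)
{
    long st;
    if (argc > 1) {      /* re-executed image: report what survived execve() */
        st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0UL, 0UL, 0UL);
        printf("after execve:  %s\n", ssb_describe(st));
        return 0;
    }
    int rc = ssb_request_noexec();
    if (rc) fprintf(stderr, "PR_SPEC_DISABLE_NOEXEC: %s\n", strerror(-rc));
    st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0UL, 0UL, 0UL);
    printf("before execve: %s\n", ssb_describe(st));
    char *args[] = { argv[0], "child", NULL };
    execv("/proc/self/exe", args);   /* same binary, now with a fresh state */
    return 1;
}
```

With plain PR_SPEC_DISABLE in place of PR_SPEC_DISABLE_NOEXEC, the second line would still report the mitigation as active, which is the overhead this flag lets a launcher avoid passing on.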