Linux 5.10 Slated To Use New Intel SERIALIZE In Fending Off Speculative Execution Bugs
Queued now in the "x86/cpu" development branch ahead of the Linux 5.10 kernel later this year is the change to make use of Intel's new "SERIALIZE" instruction within the kernel's "sync_core" code that is used for stopping the speculative execution and prefetching of modified code.
Earlier this year Intel's programming reference manual documented the new SERIALIZE instruction, which is set to arrive next year with Sapphire Rapids and Alder Lake. SERIALIZE ensures that all flags/register/memory modifications are complete and all buffered writes are drained to memory before the next instruction is fetched and executed. SERIALIZE comes as a result of the speculative execution bugs hitting Intel particularly hard over the past few years.
Linux 5.9 carried the initial SERIALIZE patch, while Linux 5.10 brings the work to actually make use of SERIALIZE in sync_core, the function for stopping the speculative execution and prefetching of modified code. sync_core still has fallbacks for all current CPUs, while SERIALIZE is a much cleaner approach moving forward. The performance cost in practice for SERIALIZE compared to the existing methods has yet to be publicly documented.
In any case, the patch is now in x86/cpu ahead of Linux 5.10's merge window opening in October.
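The detect-then-fall-back pattern described above, as an added user-space sketch in C; it is not the kernel's sync_core code. The function names are hypothetical, and using CPUID (an architecturally serializing instruction) as the fallback is an assumption made for this example, not a statement of what the kernel falls back to.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define ON_X86 1
#else
#define ON_X86 0
#endif

enum sync_path { SYNC_NONE, SYNC_SERIALIZE, SYNC_CPUID };

/* CPUID.(EAX=7,ECX=0):EDX bit 14 enumerates SERIALIZE. Pure decoder. */
int edx_has_serialize(uint32_t edx) { return (edx >> 14) & 1u; }

/* Ask the running CPU; 0 on non-x86 or when CPUID leaf 7 is absent. */
int cpu_has_serialize(void)
{
#if ON_X86
    unsigned int a, b, c, d;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d))
        return 0;
    return edx_has_serialize(d);
#else
    return 0;
#endif
}

/* Serialize the instruction stream and report which path was taken. */
enum sync_path sync_core_user(void)
{
#if ON_X86
    unsigned int a = 0, b, c = 0, d;
    if (cpu_has_serialize()) {
        /* SERIALIZE as raw bytes (0F 01 E8) so older assemblers accept it. */
        __asm__ volatile(".byte 0x0f, 0x01, 0xe8" ::: "memory");
        return SYNC_SERIALIZE;
    }
    /* Fallback (assumption of this example): CPUID is serializing. */
    __asm__ volatile("cpuid" : "+a"(a), "=b"(b), "+c"(c), "=d"(d) :: "memory");
    return SYNC_CPUID;
#else
    return SYNC_NONE;
#endif
}

int main(void)
{
    printf("SERIALIZE: %d, path: %d\n", cpu_has_serialize(), (int)sync_core_user());
    return 0;
}
```

The feature bit is checked before the instruction is issued because SERIALIZE raises an invalid-opcode fault on CPUs that do not enumerate it.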