Linux 6.9-rc4 To Bring New Fixes For x86 Speculation Mitigations

Written by Michael Larabel in Linux Security on 14 April 2024 at 06:21 AM EDT. Add A Comment
LINUX SECURITY
The Linux 6.9-rc4 weekly test release is due out later today and ahead of that this week's "x86/urgent" material has been sent in that includes several patches for various x86 speculation mitigation fixes.

For the Native BHI mitigation that landed last week for Intel processors there are a few fixes to that code with 6.9-rc4. The Branch History Injection (BHI) documentation has been cleared up to address some inaccuracies in the descriptions, there is a fix for BHI handling of RRSBA (Restricted RSB Alternate for newer Intel CPUs), and the spectre_bhi=auto / CONFIG_BHI_MITIGATION_AUTO path has been removed. The Spectre BHI "auto" mode doesn't make much sense since it only mitigates on newer Intel systems while leaving older Intel CPUs vulnerable. So it's better just relying on "spectre_bhi=on" instead of "auto".

More broadly in the x86 speculation mitigation world, Linux 6.9-rc4 has a fix to actually turn off the CPU security mitigations by default for kernel builds using the CONFIG_SPECULATION_MITIGATIONS Kconfig switch to force off the mitigations. A one-liner fix is needed since right now SPECULATION_MITIGATIONS=n on existing kernels still puts the kernel into the "auto" mitigation mode contrary to the Kconfig intention.

Linux disable mitigations fix


More details on this week's x86 urgent fixes via this pull ahead of Linux 6.9-rc4 being released in roughly twelve hours.
Add A Comment
Related News
New Linux Patch Lets You Force CPU Bugs/Mitigations Even When Not Vulnerable
Linux To Allow Disabling TPM PCR Integrity Protection Due To Performance Bottleneck
OpenPaX Announced As "Open-Source Alternative To GrSecurity" With Free Kernel Patch
Unauthenticated RCE Flaw With CVSS 9.9 Rating For Linux Systems Affects CUPS
Landlock Sandboxing Now Supports More Controls Around Unix Sockets
Linux 6.12 Adds Build Options For Greater Control Over CPU Security Mitigations
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries