Spectre & KPTI Get More Fixes In Linux 4.16, Offsets Some KVM Performance Losses
When it comes to the kernel page table isolation (PTI/KPTI) code, there are several fixes. But more of the work in this pull request from Ingo Molnar is centered on Spectre. For reducing the speculation attack surface with Spectre, extra registers beyond syscall arguments are cleared as well as registers for compat syscalls and registers for exceptions/interrupts.
This Git merge also updates/corrects the speculation control microcode blacklist based upon the latest microcode information from the CPU vendors about known microcodes where the speculation control should be working fine or not.
Also notable is that KVM's Spectre helpers are made into inline functions to increase the performance and they say should be closer to Linux 4.14 kernel performance levels or when booting with nospectre_v2 for bypassing the Variant Two safeguards.
There are also many fixes to this Spectre mitigation code. The complete list of changes can be found via this pull request that Linus Torvalds already merged into Linux 4.16 over night.