Spectre & KPTI Get More Fixes In Linux 4.16, Offsets Some KVM Performance Losses

Written by Michael Larabel in Linux Security on 15 February 2018 at 05:49 AM EST. 9 Comments
LINUX SECURITY
While we are past the Linux 4.16 merge window, more Spectre and Meltdown related improvements and changes are still being allowed into the kernel, similar to all the KPTI/Retpoline work that landed late in Linux 4.15. On Wednesday was another big batch of KPTI and Spectre work that has already been merged.

When it comes to the kernel page table isolation (PTI/KPTI) code, there are several fixes. But more of the work in this pull request from Ingo Molnar is centered on Spectre. For reducing the speculation attack surface with Spectre, extra registers beyond syscall arguments are cleared as well as registers for compat syscalls and registers for exceptions/interrupts.

This Git merge also updates/corrects the speculation control microcode blacklist based upon the latest microcode information from the CPU vendors about known microcodes where the speculation control should be working fine or not.

Also notable is that KVM's Spectre helpers are made into inline functions to increase the performance and they say should be closer to Linux 4.14 kernel performance levels or when booting with nospectre_v2 for bypassing the Variant Two safeguards.

There are also many fixes to this Spectre mitigation code. The complete list of changes can be found via this pull request that Linus Torvalds already merged into Linux 4.16 over night.
9 Comments
Related News
Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel
AppArmor Adds IO_uring Mediation & Some Performance Optimizations
Curl Preps For "Probably The Worst Curl Security Flaw In A Long Time"
Linux Now Mitigating Hygon CPUs For Inception/SRSO Vulnerability
Red Hat Working On Delayed Module Signature Verification To Speed-Up Linux Boot Times
SELinux In Linux 6.6 Removes References To Its Origins At The US NSA
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Roundcube Open-Source Webmail Software Merges With Nextcloud
Firefox 121 Is Looking Good For Having Wayland Enabled By Default
Debian's MIPS64EL CPU Port Is At Risk Due To Declining Hardware Access
PCSX2 Emulator Disables Wayland Support By Default
LACT Is The Newest AMD Radeon GUI Control Panel For Linux
KDE Is Down To Just One Wayland Showstopper Bug Remaining
TUXEDO Computers Launches First All-AMD Linux Gaming Laptop
OpenZFS Is Still Battling A Data Corruption Issue