Spectre V1 Mitigation, IBPB Support Sent In For Linux 4.16

Written by Michael Larabel in Linux Security on 4 February 2018 at 01:09 PM EST.
Last week Meltdown/Spectre patch wrangler Thomas Gleixner sent in various code clean-ups for Retpolines and KPTI with Linux 4.16 while today more feature work has been submitted. This includes initial mitigation work for Spectre v1 as well as IBPB support.

First up with this latest round of "melted spectrum" patches, as Gleixner is now calling them, are Spectre v1 mitigations. Spectre Variant One is the "Bounds Check Bypass" (CVE-2017-5753), and the initial mitigation work going mainline is user pointer sanitization.

This pull request also has basic Indirect Branch Prediction Barrier (IBPB) support. IBPB is part of the CPU microcode approach for mitigating Spectre by ensuring earlier code's behavior does not control later indirect branch predictions.

Other work in this pull includes making KVM's indirect calls speculation safe, a new array index speculation blocker, blacklisting broken microcodes with faulty IBPB/IBRS support, exposing the speculation MSRs to KVM guests, regression fixes, better whitelisting of known safe CPUs, and various other code clean-ups.

Among the CPUs now whitelisted from Spectre mitigations since they don't speculate are Intel's Atom Cedarview / Cloverview / Lincroft / Penwell / Pineview processors. The x86 Centaur/VIA and NSC CPUs are also being whitelisted.

In today's PR, Thomas Gleixner noted that there is still other outstanding work around Spectre/Meltdown mitigation. Still to be done are protections like RSB underflow mitigation for Skylake CPUs and other small improvements.