Linux + GCC/Clang Patches Coming For Straight-Line Speculation Mitigation On x86/x86_64

Written by Michael Larabel in Linux Security on 28 October 2021 at 09:54 AM EDT.
Last year Arm disclosed that its processors were affected by a straight-line speculation (SLS) vulnerability, in which the processor could speculatively execute instructions linearly in memory past an unconditional change in control flow. There has been talk about possible straight-line speculation on x86/x86_64, but without any action taken. Now GCC and LLVM/Clang compiler developers, along with Linux kernel developers, are preparing such mitigation support.

Last year LLVM added mitigations for Arm's straight-line speculation vulnerability, and GCC likewise added SLS mitigation support for Arm. Those opt-in compiler options can be used when building important software like the kernel.

Up until just recently, there has seemingly not been any major (public) activity around possible straight-line speculation exposure on x86/x86_64 (aside from occasional, albeit unmerged, patches acknowledging that some CPUs may speculate past RET), but now mitigation patches are coming. Posted this week was a new GCC bug report for new code generation options around Retpolines and Straight Line Speculation: "straight line speculation has been discussed before, but without any action taken. It would be helpful to have a code gen option which would emit `int3` following any `ret` instruction, and any indirect jump, as neither of these two cases have following architectural execution."


GCC -- and LLVM Clang developers following the same approach -- would honor -mharden-sls= on x86/x86_64 for straight-line speculation mitigations around returns, indirect branches, or both.

The GCC-side compiler support is still pending, while a kernel patch was posted this morning to make use of GCC's x86 mitigation for straight-line speculation. That patch depends upon having underlying compiler support for -mharden-sls=all.
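The bug report's request (an `int3` after every `ret` and every indirect jump) can be checked on a built binary. The following is an added example, not code from the article, GCC, or the kernel patch: it scans AT&T-syntax `objdump -d` text for sites that lack the trailing `int3`. The function names and the sample listing are constructed for illustration.

```python
import re

# One instruction line of `objdump -d` output: address, raw bytes, mnemonic and operands.
INSN = re.compile(r"^\s*([0-9a-f]+):\t(?:[0-9a-f]{2} )+\s*\t(.+?)\s*$")
# Return forms, including prefixed and size-suffixed spellings.
RET = re.compile(r"^(?:(?:rep|repz|bnd|notrack) )*ret[qlw]?\b")
# AT&T syntax marks an indirect jump target with '*' (register or memory operand).
INDIRECT_JMP = re.compile(r"^(?:(?:bnd|notrack) )*jmp[qlw]?\s+\*")

def parse(disasm):
    """Yield (address, instruction_text) for each decoded instruction line."""
    for line in disasm.splitlines():
        m = INSN.match(line)
        if m:  # skips symbol headers, blank lines and byte-only continuation lines
            yield int(m.group(1), 16), m.group(2)

def unhardened_sites(disasm):
    """Return [(address, text)] for ret / indirect jmp not directly followed by int3."""
    insns = list(parse(disasm))
    findings = []
    for i, (addr, text) in enumerate(insns):
        if not (RET.match(text) or INDIRECT_JMP.match(text)):
            continue
        # A site at the very end of the listing has nothing after it, so it is reported.
        nxt = insns[i + 1][1] if i + 1 < len(insns) else None
        if nxt is None or not nxt.startswith("int3"):
            findings.append((addr, text))
    return findings

# Constructed sample listing (not from a real binary).
SAMPLE = "\n".join([
    "0000000000401000 <plain>:",
    "  401000:\t89 f8                \tmov    %edi,%eax",
    "  401002:\tc3                   \tret",
    "  401003:\t90                   \tnop",
    "0000000000401010 <hardened>:",
    "  401012:\tc3                   \tret",
    "  401013:\tcc                   \tint3",
    "0000000000401020 <dispatch>:",
    "  401020:\tff e0                \tjmp    *%rax",
    "  401022:\tcc                   \tint3",
    "  401023:\tff 27                \tjmp    *(%rdi)",
    "  401025:\te9 d6 ff ff ff       \tjmp    401000 <plain>",
])

if __name__ == "__main__":
    for addr, text in unhardened_sites(SAMPLE):
        print(f"{addr:#x}: {text}")
```

Direct jumps and calls are deliberately not reported, since the request covers only returns and indirect jumps.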

Stay tuned to see where this fresh round of mitigation work leads. We will have performance benchmarks of any impact once the compiler and kernel patches are ready, and will report any formal guidance on where this x86 SLS mitigation will be recommended or necessary.