x86 Straight Line Speculation Mitigation Being Back-Ported To GCC 11
There has been a lot of x86 straight-line speculation (SLS) activity in recent months: the compiler-based mitigation was merged for GCC 12, and beginning with Linux 5.17 the kernel can make use of that new knob for fending off this potential vulnerability. Now the compiler support is even being back-ported to GCC 11.
Rather than x86 straight-line speculation mitigation only being found in the upcoming GCC 12 release, it's also being back-ported to the GCC 11 stable series. Intel's H.J. Lu sent out the patches adding the -mharden-sls= and -mindirect-branch-cs-prefix compiler switches to the GCC 11 code-base. The x86 SLS mitigation adds INT3 instructions after function returns and indirect branches to fend off the processor potentially speculatively executing linearly in memory past an unconditional change in control flow. The -mindirect-branch-cs-prefix option is to be automatically used for RETPOLINE builds.
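One way to check that a build actually received the hardening described above, as an added example (not code from the patches or from GCC): it scans `objdump -d` text for returns and indirect jumps whose next instruction is not INT3. The sample listing, its addresses and its function names are constructed.

```python
import re

# Constructed listing in `objdump -d` layout (AT&T syntax); not real output.
SAMPLE = """\
0000000000401000 <hardened>:
  401000:\t31 c0                \txor    %eax,%eax
  401002:\tc3                   \tret
  401003:\tcc                   \tint3
0000000000401010 <dispatch>:
  401010:\tff e7                \tjmp    *%rdi
  401012:\tcc                   \tint3
0000000000401020 <unhardened>:
  401020:\t89 f8                \tmov    %edi,%eax
  401022:\tc3                   \tret
0000000000401030 <tail>:
  401030:\tff e0                \tjmp    *%rax
  401032:\t90                   \tnop
"""

# Prefixes objdump may print in front of the mnemonic itself.
PREFIXES = {"rep", "repz", "bnd", "notrack", "cs"}

def find_unhardened(listing):
    """Return (function, address, insn) for each ret or indirect jmp
    that is not immediately followed by int3 in the instruction stream."""
    findings, func, pending = [], "?", None
    for line in listing.splitlines():
        sym = re.match(r"^[0-9a-f]+ <(.+)>:$", line)
        if sym:                      # symbol header: remember it for reporting
            func = sym.group(1)
            continue
        parts = line.split("\t")     # "addr:", raw bytes, "mnemonic operands"
        if len(parts) < 3 or not parts[0].strip().endswith(":"):
            continue                 # blank line or byte-continuation line
        toks = [t for t in parts[2].split() if t not in PREFIXES]
        if not toks:
            continue
        if pending and toks[0] != "int3":
            findings.append(pending) # fall-through path is ordinary code
        pending = None
        is_ret = toks[0] in ("ret", "retq")
        is_ijmp = toks[0] in ("jmp", "jmpq") and len(toks) > 1 and toks[1].startswith("*")
        if is_ret or is_ijmp:
            pending = (func, parts[0].strip(" :"), " ".join(toks[:2]))
    if pending:                      # stream ended right after the branch
        findings.append(pending)
    return findings

if __name__ == "__main__":
    for func, addr, insn in find_unhardened(SAMPLE):
        print(f"{func}: {addr}: '{insn}' is not followed by int3")
```

On a real binary, pass the text produced by `objdump -d` to `find_unhardened()`; direct jumps and calls are deliberately ignored because the page describes the mitigation only for returns and indirect branches.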
So far I haven't seen any public, official guidance from Intel on their x86 SLS recommendations and affected processors. But considering all of this x86 patch activity didn't happen for a year after the Arm SLS vulnerability was disclosed, there may be something new afoot causing all this x86 activity in recent months.
The GCC 11 patches are currently on gcc-patches and in turn should appear for the GCC 11.3 point release (as well as the GCC 12.1 feature release in April).