x86 Straight-Line Speculation Mitigation On Track For Linux 5.17

Written by Michael Larabel in Linux Security on 11 December 2021 at 06:10 AM EST. 14 Comments
The recent activity around x86 (x86_64 included) straight-line speculation mitigation handling is set to culminate with this security feature being set for mainline with the upcoming Linux 5.17 cycle.

Recent weeks have seen x86 straight-line speculation mitigations underway by compiler developers and the Linux kernel folks. This is similar to the Arm straight-line speculation "SLS" vulnerability and mitigation of last year but now seeing similar activity on the x86/x86_64 front for Intel and AMD.

The issue at hand is over processors speculatively executing instructions linearly in memory past an unconditional change in control flow. GCC 12 landed its compiler mitigation option and LLVM Clang is doing the same. The compilers are introducing a "-mharden-sls" option to add INT3 instructions after function returns and indirect branches to protect against possible straight-line speculation.

The Linux kernel side patches are basically about enabling this SLS hardening option for kernel builds. The kernel patches enable this hardening when on a supported kernel version (GCC 12+ and presumably Clang 14+) and when using a kernel build with Retpolines (return trampolines) enabled.

Confirming this now for Linux 5.17 is the x86 SLS mitigation patches have been merged into TIP's "x86/core" branch. The SLS option is added with the new "SLS" Kconfig build-time switch. This mitigation has a known consequence of increasing the text size for Linux kernel images by about 2.4% due to the additional instructions generated. The x86/core branch also has the other SLS related patches to objtool, preparing the Assembly code for the mitigation, and other x86 code changes preparing for the SLS mitigation.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week