Benchmarking The Performance Impact Of Linux 5.15's Newest Protection Around Side Channel Attacks
With the in-development Linux 5.15 kernel there is a new option for further protecting the kernel around side channel attacks and information leakage. Enabling the option will ensure that any caller-used register contents are zeroed prior to returning from a function. While the reported performance cost is said to be small, I decided to run some benchmarks when toggling this new Kconfig hardening option.
As outlined in the aforelinked article, this new "CONFIG_ZERO_CALL_USED_REGS" option with Linux 5.15 is ultimately about building the Linux kernel with the GCC's zero-call-used-regs compiler option enabled. That zero-call-used-regs option was added to the GCC 11 compiler that debuted as stable earlier this year.
CONFIG_ZERO_CALL_USED_REGS hopes to ensure that temporary values are not potentially leaked outside of the function to reduce the chances of register contents being exploited for side channel attacks or other information exposures. The CONFIG_ZERO_CALL_USED_REGS patches previously noted that using this option was able to reduce the number of ROP gadgets in a kernel image by around 20% and eliminate simple "write-what-where" gadgets.
The patches do note that the performance impact of enabling this kernel option with GCC 11+ was found to be less than 1% for a parallel kernel build test. The option also impacts the kernel image by less than 1% on AArch64 while an AArch64 kernel build can grow by ~5% with this option.
With the ZERO_CALL_USED_REGS just mentioning performance tests for a parallel kernel build, I was curious to test benchmark this option with a wider variety of workloads.
On an AMD Ryzen 9 5950X system, I built the hardening branch of this code for Linux 5.15 in a default configuration and then repeated that kernel build with the only change being CONFIG_ZERO_CALL_USED_REGS=y. GCC 11.2 was used to build this hardened kernel branch of the code that since has been merged to Linux 5.15 mainline.