Linux 5.1 Landing Feature For Reducing Scope Of Spectre V4 Speculation Protection

Written by Michael Larabel in Linux Kernel on 5 March 2019 at 08:09 AM EST. Add A Comment
LINUX KERNEL
The x86/pti updates for Linux 5.1 is bringing a new PR_SPEC_DISABLE_NOEXEC option where speculation protection for SSBD doesn't end up being passed to new processes started by exec in such use-cases where it's safe to do so. Utilizing this option will thus eliminate the overhead associated with this Spectre Variant 4 "Speculative Store Bypass" behavior.

Back in January when the work around PR_SPEC_DISABLE_NOEXEC was initially queued up in the x86/pti working tree, I wrote about it in more detail. See Linux Kernel Getting New Option So SSBD Isn't Over-Protective - Helping Performance. Now that the Linux 5.1 merge window is open, this pull request has been submitted for landing in the mainline kernel.

The motivation for adding this option is use-cases like Java where speculation protections are enabled for JVMs but new processes launched from there don't need this protection themselves and thus lowering performance due to the unnecessary overhead outside of the core virtual machine itself. Now that's possible to avoid as user-space software can begin opting to use PR_SPEC_DISABLE_NOEXEC where safe to do so.

This new flag is the only addition for the x86/pti Spectre/Meltdown area with the Linux 5.1 merge window.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week