x86 Straight-Line Speculation Mitigation Patches Updated For Linux
Written by Michael Larabel in Linux Security on 5 December 2021 at 06:13 AM EST. 7 Comments
LINUX SECURITY --
A year after Arm processors began mitigating straight-line speculation, Linux developers have been working on similar straight-line speculation mitigations for x86/x86_64 processors.

The past few months we have been seeing Linux kernel and GCC and LLVM/Clang patches around straight-line speculation mitigation for Intel / AMD processors. The issue at hand is over processors speculatively executing instructions linearly in memory past an unconditional change in control flow.

The compilers are adding a "mharden-sls" option to add INT3 instructions after function returns and indirect branches to protect against possible straight-line speculation. On kernel side, the patches being worked on are to make use of the SLS hardening option where present. The patches would enable this hardening when on a supported kernel version (GCC 12+ and presumably Clang 14+) and when using a kernel build with Retpolines (return trampolines) enabled. As this option controls the code generation, it would be just a build-time option and not controllable at run-time for the kernel.


Sent out on Saturday were the latest patches for the kernel around this SLS mitigation handling as mostly a refactoring of the prior proposed changes, which also includes the objtool changes for validating the SLS mitigation handling with speculation traps after indirect calls and RETs. As a known side effect, SLS mitigation for the kernel does increase the text size of the kernel build by around 2.4% due to the additional (INT3) instructions.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week