Clear Linux Rolls Out KPTI Page Isolation & Retpoline Support

Written by Michael Larabel in Clear Linux on 8 January 2018 at 02:10 PM EST. 24 Comments
CLEAR LINUX
Intel's own Clear Linux distribution has now been updated with protection for addressing the Spectre and Meltdown vulnerabilities disclosed last week.

Clear Linux 20240 is the rolling-release distribution's latest update today that takes care of Meltdown and Spectre protection. The Meltdown protection comes with pulling in the Linux 4.14.12 kernel and enabling the CONFIG_PAGE_TABLE_ISOLATION Kconfig switch for KPTI support.

For dealing with the Spectre issue they have patched their kernel with the Retpoline patches. Additionally, they have patched their GCC 7.2 compiler with the new switches added for Retpoline in fending off branch target injection attacks. They are quite quick in integrating these patches with most other distributions not yet pulling in those currently out-of-tree Reptoline patches.

So with these GCC and Linux kernel updates, they should be squared away with KPTI and Retpoline. I will be firing up some benchmarks (complementing the data also available from LinuxBenchmarking.com) of the latest Clear Linux though out of curiosity how it affects the distribution's performance and if the Intel developers behind this performance-optimized distribution have managed any engineering achievements yet to offset any losses from the I/O overhead shown in our benchmarks so far to be the biggest consequence of KPTI+Retpoline. At least going into it, Clear Linux has still generally performed the best of recent Linux distributions when using modern x86_64 hardware, but there will be some fresh benchmarks coming up soon of all the major Spectre/Meltdown-patched distributions on various systems.

Update: Before/after benchmarks of these patches on Clear Linux can now be found in these test results.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week