Another Minor Optimization Queued For Systems Mitigated Against Spectre / Meltdown

On Intel systems affected by the Meltdown and Spectre vulnerabilities, another minor optimization is on its way to the Linux kernel to ever so slightly lower the impact of the kernel-based page table isolation (PTI) mitigation.

The minor optimization is removing the SYSCALL64 entry trampoline. On an Intel Skylake system with Retpolines and KPTI enabled, the syscall overhead dropped from about 237 ns down to 228 ns. It wouldn't be noticeable by itself, but for months already and likely for the foreseeable future until corrected CPUs are on the market, kernel engineers will continue to pursue every micro-optimization possible to help offset the performance losses introduced by the Spectre and Meltdown mitigation techniques. They have certainly made improvements to the performance since the original KPTI and Retpoline work since January, but in I/O heavy syscall heavy workloads there remains a generally noticeable overhead.

As far as any security ramifications from dropping the SYSCALL64 entry trampoline, Andy Lutomirski who wrote this patch commented, " This does not add a new direct information leak, since the TSS is readable by Meltdown from the cpu_entry_area alias regardless. It does allow a timing attack to locate the percpu area, but KASLR is more or less a lost cause against local attack on CPUs vulnerable to Meltdown regardless. As far as I'm concerned, on current hardware, KASLR is only useful to mitigate remote attacks that try to attack the kernel without first gaining RCE against a vulnerable user process."

The patch as of this morning is now queued in Thomas Gleixner's x86/pti branch where the Spectre / Meltdown mitigation work pools before being pulled into the mainline Linux kernel.