Intel Prepares "Enhanced IBRS" As Better Spectre V2 Protection For Future CPUs

Written by Michael Larabel in Linux Security on 24 July 2018 at 05:48 PM EDT. 26 Comments
LINUX SECURITY
An Intel engineer has today published a patch providing support for enhanced IBRS within the Linux kernel, which aims to provide better Spectre Variant Two protection by default with future generations of Intel CPUs.

The Enhanced IBRS (Indirect Branch Restricted Speculation) is simpler from the software perspective while also being able to yield greater performance than the basic IBRS method offered for current x86 CPUs.

Intel's public documentation explains, "With enhanced IBRS, the predicted targets of indirect branches executed cannot be controlled by software that was executed in a less privileged predictor mode or on another logical processor. As a result, software operating on a processor with enhanced IBRS need not use WRMSR to set IA32_SPEC_CTRL.IBRS after every transition to a more privileged predictor mode. Software can isolate predictor modes effectively simply by setting the bit once. Software need not disable enhanced IBRS prior to entering a sleep state such as MWAIT or HLT.]"

This basic patch adapts the existing Linux x86 speculation code for Enhanced IBRS and -- for capable CPUs -- enables it by default for Spectre V2 mitigation instead of Retpolines. But it remains to be seen when Intel will launch a processor with "Enhanced IBRS" there has been some speculation that Intel may have this ready within approximately one year. The kernel patch can be found here and might make it into the Linux 4.19 merge window.
26 Comments
Related News
Linux BHI Mitigation Being Tweaked Following 12% Database Performance Hit
Linux 6.9-rc4 To Bring New Fixes For x86 Speculation Mitigations
Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability
GitHub Disables The XZ Repository Following Today's Malicious Disclosure
XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access
Linux 6.9 Sees Further Security Hardening
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"