Initial Retpoline Support Added To LLVM For Spectre v2 Mitigation

Written by Michael Larabel in Linux Security on 22 January 2018 at 05:38 PM EST. 3 Comments
LINUX SECURITY
The LLVM code has been merged to mainline for the Retpoline x86 mitigation technique for Spectre Variant 2. This will be back-ported to LLVM 6.0 and also LLVM 5.0 with an immediate point release expected to get this patched compiler out in the wild.

The compiler-side work -- similar to GCC's Retpoline code -- is to avoid generating code where an indirect branch could have its prediction poisoned by a rogue actor. The Retpoline support uses indirect calls in a non-speculatable way.

The LLVM switches are slightly different from GCC's -mindirect-branch options with LLVM opting for -mretpoline and -mretpoline-external-thunk if wanting to use a custom thunk.

About the Retpoline'd LLVM performance impact:
When manually apply similar transformations to `-mretpoline` to the Linux kernel we observed very small performance hits to applications running typical workloads, and relatively minor hits (approximately 2%) even for extremely syscall-heavy applications. This is largely due to the small number of indirect branches that occur in performance sensitive paths of the kernel.

When using these patches on statically linked applications, especially C++ applications, you should expect to see a much more dramatic performance hit. For microbenchmarks that are switch, indirect-, or virtual-call heavy we have seen overheads ranging from 10% to 50%.

However, real-world workloads exhibit substantially lower performance impact. Notably, techniques such as PGO and ThinLTO dramatically reduce the impact of hot indirect calls (by speculatively promoting them to direct calls) and allow optimized search trees to be used to lower switches. If you need to deploy these techniques in C++ applications, we *strongly* recommend that you ensure all hot call targets are statically linked (avoiding PLT indirection) and use both PGO and ThinLTO. Well tuned servers using all of these techniques saw 5% - 10% overhead from the use of retpoline.

The code is currently in LLVM 7.0 Git/SVN while will be back-ported to LLVM 6.0 being prepared for release next month and is also working its way into LLVM 5.0 code-base. Once that code is in the LLVM 5.0 branch with that being the current stable series, LLVM developers are planning on issuing a new point release as soon as possible to get this -mretpoline support more widely available.
3 Comments
Related News
Linux 6.9-rc4 To Bring New Fixes For x86 Speculation Mitigations
Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability
GitHub Disables The XZ Repository Following Today's Malicious Disclosure
XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access
Linux 6.9 Sees Further Security Hardening
GhostRace Detailed - Speculative Race Conditions Affecting All Major CPUs / ISAs
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Ubuntu Maker Canonical Announces New Collaboration With Qualcomm
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
KDE's KWin Merges Wayland Explicit Sync Support
Gentoo Linux Now An SPI Project