Linux 4.17 Lands Initial Spectre V4 "Speculative Store Bypass" For POWER CPUs
Following yesterday's public disclosure of Spectre Variant Four, a.k.a. Speculative Store Bypass, the Intel/AMD mitigation work immediately landed while overnight the POWER CPU patch landed.
Initial mitigation work landed in the Linux 4.17 Git tree with this affecting the newest POWER9 CPUs and at least back through POWER7 that they are aware of. The commit explains:
My Intel/AMD Spectre V4 SSB benchmarking is currently ongoing, results will likely be out in a few hours for the initial impact numbers.
Initial mitigation work landed in the Linux 4.17 Git tree with this affecting the newest POWER9 CPUs and at least back through POWER7 that they are aware of. The commit explains:
On some CPUs we can prevent a vulnerability related to store-to-load forwarding by preventing store forwarding between privilege domains, by inserting a barrier in kernel entry and exit paths.
This is known to be the case on at least Power7, Power8 and Power9 powerpc CPUs.
Barriers must be inserted generally before the first load after moving to a higher privilege, and after the last store before moving to a lower privilege, HV and PR privilege transitions must be protected.
Barriers are added as patch sections, with all kernel/hypervisor entry points patched, and the exit points to lower privilge levels patched similarly to the RFI flush patching.
Firmware advertisement is not implemented yet, so CPU flush types are hard coded.
My Intel/AMD Spectre V4 SSB benchmarking is currently ongoing, results will likely be out in a few hours for the initial impact numbers.
2 Comments