Linux Readying Spectre V2 Userspace-Userspace Protection
While the Linux kernel has been patched for months (with updated CPU microcode also available) to mitigate Spectre Variant Two, "Branch Target Injection", that work has focused on kernel-space protection. Patches are now pending for userspace-to-userspace protection.
Spectre V2 mitigation for application-to-application attacks hasn't been a priority since it's more difficult to exploit due to ASLR (Address Space Layout Randomization). This protection is now being worked on, and these new patches enable app-to-app mitigation for Spectre Variant Two via IBPB (Indirect Branch Prediction Barrier) and STIBP (Single Thread Indirect Branch Predictors). The protection provided by the new Linux kernel patches covers both Intel and AMD CPUs.
But as with the other Spectre (and Meltdown) mitigations, this userspace-userspace protection will come at a performance cost. Tim Chen, who posted these latest Linux kernel patches, noted, "leaving STIBP on all the time is expensive for certain applications that have frequent indirect branches. One such application is perlbench in the SpecInt Rate 2006 test suite which shows a 21% reduction in throughput. Other applications like bzip2 in the same test suite with minimal indirect branches have only a 0.7% reduction in throughput. IBPB will also impose overhead during context switches."
By default the kernel will decide between "lite" and "strict" behavior. The lite mode enables the mitigation only for non-dumpable processes, while the strict mode protects all user processes. The behavior can be toggled via the spectre_v2_app2app= kernel parameter.
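Since the lite mode only covers non-dumpable processes, a service that handles secrets can opt in by clearing its own dumpable flag. The following is an added example, not code from the article or from the kernel patches: it parses the kernel's spectre_v2 sysfs status line for the IBPB/STIBP markers and makes the current process non-dumpable via prctl(). It assumes a Linux host; the sysfs path and the "IBPB"/"STIBP" substrings are the kernel's vulnerabilities sysfs format.

```c
// Added example (not from the article or the kernel patches). Assumes Linux.
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

#define SPECTRE_V2_SYSFS "/sys/devices/system/cpu/vulnerabilities/spectre_v2"

struct v2_status { int mitigated; int ibpb; int stibp; };

/* Parse one status line as the kernel writes it to the spectre_v2 sysfs file.
   Lines starting with "Mitigation:" mean a mitigation is active; the IBPB and
   STIBP markers report the app-to-app barriers described in the article. */
struct v2_status parse_spectre_v2(const char *line) {
    struct v2_status s = {0, 0, 0};
    s.mitigated = strncmp(line, "Mitigation:", 11) == 0;
    s.ibpb  = strstr(line, "IBPB") != NULL;
    s.stibp = strstr(line, "STIBP") != NULL;
    return s;
}

/* Read the live status from sysfs; returns 0 on success, -1 if unreadable. */
int read_sysfs_status(struct v2_status *out) {
    char buf[256];
    FILE *f = fopen(SPECTRE_V2_SYSFS, "r");
    if (!f) return -1;
    if (!fgets(buf, sizeof buf, f)) { fclose(f); return -1; }
    fclose(f);
    *out = parse_spectre_v2(buf);
    return 0;
}

/* Lite mode protects non-dumpable processes only, so a process holding secrets
   opts in by clearing its dumpable flag. Side effect: core dumps and ptrace by
   unprivileged peers are disabled as well. Returns 0 on success. */
int set_non_dumpable(void) { return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); }

int is_dumpable(void) { return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); }

int main(void) {
    struct v2_status s;
    if (read_sysfs_status(&s) == 0)
        printf("spectre_v2: mitigated=%d ibpb=%d stibp=%d\n", s.mitigated, s.ibpb, s.stibp);
    else
        puts("spectre_v2 sysfs entry not readable");
    if (set_non_dumpable() == 0)
        printf("dumpable=%d (lite mode now covers this process)\n", is_dumpable());
    return 0;
}
```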
The four patches for this Spectre V2 app-to-app mitigation can be found on the kernel mailing list. As Spectre/Meltdown patches have generally been accepted to mainline when ready rather than waiting for the next cycle's merge window, we'll see whether these patches land in Linux 4.19 or are held off until 4.20~5.0. Benchmarks will be coming soon on Phoronix.