Re: [PATCH v1 1/8] x86/entry/clearregs: Remove partial stack frame in fast system call

From: Andi Kleen
Date: Thu Jan 11 2018 - 13:44:49 EST


> Well it's kernel hardening to guard against possible future speculation
> attacks. Linus discussed it here for example:
>
> https://www.mail-archive.com/linux-kernel@xxxxxxxxxxxxxxx/msg1580667.html
>
> For the on/off switch I can add a CONFIG to enable it, even though
> it seems somewhat silly.

I did some micro benchmarking now, sampling different real system
calls.

For the entry code (entry to call) I get on average 62 cycles
for the old code, vs 78 cycles with clear regs and full
stack frame saving on Skylake.

So it's roughly a 20-cycle difference, if we include the restore.

I would conclude 20 cycles are not significant for a syscall,
so there's not a lot of motivation to add a switch
for less security.

-Andi