Enhanced IBRS to Counter Spectre V2 Will Be In Linux 4.19 Kernel

Last week we covered the latest NetSpectre threat and what Spectre can do to Intel-based CPUs, and we’re relieved to hear that the Linux 4.19 kernel is slated to have initial SpectreRSB protection, and Enhanced IBRS as mitigation in future Intel CPUs against Spectre Variant Two.

The enhanced IBRS mode will aim to improve the performance impact of Spectre V2 mitigation in comparison to current x86 CPUs – while Spectre is still a theoretical threat that is currently too slow and unreliable for attackers to effectively utilize, its entirely possible the landscape will change, and many folks are taking Spectre quite seriously. Like, the apocalypse probably isn’t coming any time soon, but it doesn’t hurt to have a bomb shelter under your house, right?

In any case, the to-be-released Intel CPUs that will support Enhanced IBRS will benefit from the Linux 4.19 kernel by using the Enhanced IBRS instead of the existing Retpolines approach. This update is queued into Thomas Gleixner’s x86/pti Git tree, alongside the SpectreRSB patch, so they should be merged with the future Linux 4.19 kernel cycle.

Linux 4.18 should be released quite soon (this week or next), and the Linux 4.19 kernel merge window should begin quite soon after.

Kamil Anwar
Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.