Linus Torvalds, the creator of Linux, has questioned whether Single Thread Indirect Branch Predictors (STIBP) should be enabled by default. STIBP is a processor feature that adds protection against the Spectre v2 hardware vulnerability by preventing the indirect-branch behaviour of one SMT sibling thread from influencing the branch predictions of the other. Kernel developers enabled STIBP by default in the 4.20 development series and backported that change to the 4.19.2 stable release.
Torvalds said that STIBP has a very negative effect on system performance when SMT / Hyper-Threading is in use; in some cases performance drops by 50%. To avoid that penalty, users would effectively have to disable simultaneous multithreading, and disabling SMT / Hyper-Threading is itself a way to protect against Spectre v2 attacks between sibling threads. On that reasoning, enabling STIBP by default is of questionable value.
Torvalds also notes that on an ordinary user's system the usual target of such attacks is the browser, and browser developers have already built in the necessary protections. On that basis he considers a practical Spectre v2 attack against such a system unlikely.
Linus does not propose removing STIBP from the kernel altogether, only leaving the mechanism disabled by default so that users can decide for themselves whether it is appropriate for their workload.
Intel engineers Arjan van de Ven and Tim Chen reported that Intel and AMD likewise do not consider enabling STIBP by default to be necessary. In their view, it should be applied only in sensitive cases: for example, when a process explicitly requests it through prctl, or for processes that have disabled core dumps (non-dumpable processes, which the kernel treats as security-sensitive).
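As an added example (not code from the article, the kernel, or the engineers named above), the following C program shows the opt-in path the Intel engineers describe and the per-task control Torvalds wants to leave in users' hands: it queries the calling task's indirect-branch speculation state with prctl(PR_GET_SPECULATION_CTRL), asks the kernel to turn STIBP on for itself with prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ...), and decodes the reported state. It assumes a Linux kernel that carries the per-task indirect-branch control (the 4.20-era work); the decoder and the helper names get_ib_state, request_stibp and spec_state_name are this example's own, not part of the kernel interface.

```c
// Added example (not from the article or the kernel sources): a process
// opting in to STIBP for itself through prctl(PR_SET_SPECULATION_CTRL)
// and decoding what PR_GET_SPECULATION_CTRL reports about its own state.
// Assumes a Linux kernel with per-task indirect-branch speculation control;
// the constant values match <linux/prctl.h> and are guarded in case the
// libc headers on the build host predate them.
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_NOT_AFFECTED
#define PR_SPEC_NOT_AFFECTED 0
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL (1UL << 0)
#endif
#ifndef PR_SPEC_ENABLE
#define PR_SPEC_ENABLE (1UL << 1)
#endif
#ifndef PR_SPEC_DISABLE
#define PR_SPEC_DISABLE (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif

/* Translate a PR_GET_SPECULATION_CTRL result into a readable state.
 * The naming is inverted from what one might expect: "speculation
 * DISABLED" means the STIBP mitigation is ON for the task. */
const char *spec_state_name(long state)
{
    if (state == PR_SPEC_NOT_AFFECTED)
        return "not affected (CPU has no Spectre v2 bug)";
    if (state == PR_SPEC_ENABLE)
        return "vulnerable: no STIBP mitigation available";
    if (state == PR_SPEC_DISABLE)
        return "STIBP forced on system-wide (strict mode), not task-controllable";
    if (!(state & PR_SPEC_PRCTL))
        return "unknown state";
    if (state & PR_SPEC_FORCE_DISABLE)
        return "STIBP on for this task, permanently (force)";
    if (state & PR_SPEC_DISABLE)
        return "STIBP on for this task (can be turned off again)";
    if (state & PR_SPEC_ENABLE)
        return "STIBP off for this task (prctl opt-in available)";
    return "unknown state";
}

/* Query the calling task's own indirect-branch speculation state.
 * Returns the state bits, or -errno if the kernel rejects the prctl. */
long get_ib_state(void)
{
    long r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    return r < 0 ? -errno : r;
}

/* Ask the kernel to enable STIBP for the calling task. With force != 0 the
 * request uses PR_SPEC_FORCE_DISABLE, which cannot be undone later.
 * Returns 0 on success, -errno otherwise (ENXIO when the mitigation is not
 * task-controllable on this system, EINVAL on kernels without the prctl). */
int request_stibp(int force)
{
    unsigned long ctrl = force ? PR_SPEC_FORCE_DISABLE : PR_SPEC_DISABLE;
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ctrl, 0, 0) < 0)
        return -errno;
    return 0;
}

/* Print the kernel's system-wide Spectre v2 status from sysfs, if present. */
static void print_sysfs_status(void)
{
    char line[256];
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spectre_v2", "r");
    if (!f) {
        puts("spectre_v2 sysfs entry not available");
        return;
    }
    if (fgets(line, sizeof line, f))
        fputs(line, stdout);
    fclose(f);
}

int main(void)
{
    print_sysfs_status();
    long before = get_ib_state();
    if (before < 0) {
        printf("PR_GET_SPECULATION_CTRL failed: %s\n", strerror((int)-before));
        return 1;
    }
    printf("before: %s\n", spec_state_name(before));
    int rc = request_stibp(0);
    if (rc)
        printf("PR_SET_SPECULATION_CTRL failed: %s\n", strerror(-rc));
    long after = get_ib_state();
    printf("after:  %s\n",
           after < 0 ? strerror((int)-after) : spec_state_name(after));
    return 0;
}
```

On a kernel where the mitigation is task-controllable (for example one booted with spectre_v2_user=prctl), the state before the call decodes as "off, opt-in available" and after it as "on"; where STIBP is unavailable or forced on system-wide, PR_SET_SPECULATION_CTRL fails with ENXIO and the program reports that rather than pretending the request took effect. This is the trade-off the article describes made concrete: nothing pays the STIBP cost until a task that handles secrets asks for it.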
Testing of the Linux 4.20 kernel showed that the size of the performance drop depends on the workload. Ingo Molnar, another kernel developer, proposed a rule that new protective features be listed in the change descriptions together with the measured impact on performance.
Spectre attacks target a hardware vulnerability in modern processors that stems from speculative execution. Choosing a protection means balancing security against performance. By leaving the decision to enable STIBP to users, Torvalds gives them the opportunity to strike that balance themselves.