Google's LVI protection software showed a 14x performance hit

Zola Bridges of Google has proposed a patch for the LLVM compiler suite that implements SESES (Speculative Execution Side Effect Suppression), a protection that helps block attacks on the speculative execution mechanism in Intel CPUs, such as LVI. The protection is implemented at the compiler level: when generating machine code, the compiler inserts an LFENCE instruction before each instruction that reads from or writes to memory, and also before the first branch instruction in the group of instructions that ends a block.

The LFENCE instruction waits for all previous memory reads to be committed and prevents the instructions that follow it from being executed ahead of time until that commit is complete. Using LFENCE leads to a significant decrease in performance, so the protection is proposed only for extreme cases, for especially critical code. In addition to full protection, the patch offers three flags that selectively disable certain levels of protection to reduce the negative impact on performance.
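The placement rule described above, as an added illustration that is not code from the LLVM patch: a simplified Python model that applies the rule to one basic block of AT&T-syntax assembly. The sample block, the function names and the regex-based memory-operand detection are assumptions made for this example; the real pass works on LLVM machine instructions, not on text.

```python
import re

# Constructed sample: one basic block in AT&T syntax (not taken from the patch).
SAMPLE_BLOCK = """\
movq (%rdi), %rax
addq $1, %rax
movq %rax, 8(%rdi)
cmpq %rsi, %rax
jne .Lloop
jmp .Lexit
"""

# Block-ending instructions in this toy model: jumps and returns.
BRANCH = re.compile(r"(j[a-z]+|ret[a-z]?)\b")
# A parenthesised address such as (%rdi), 8(%rdi,%rcx,4) or (,%rcx,8).
# Assumption: bare absolute-symbol operands are not recognised.
MEM_OPERAND = re.compile(r"\([%,]")


def is_branch(insn):
    return BRANCH.match(insn) is not None


def touches_memory(insn):
    mnemonic = insn.split()[0]
    if mnemonic.startswith("lea"):
        return False  # lea only computes an address, it does not access memory
    if mnemonic.startswith(("push", "pop")):
        return True   # implicit stack access
    return MEM_OPERAND.search(insn) is not None


def insert_fences(block):
    """Return the block's instructions with lfence placed per the rule above."""
    insns = [line.strip() for line in block.splitlines() if line.strip()]
    # Index of the first instruction in the trailing run of branches.
    first_term = len(insns)
    while first_term > 0 and is_branch(insns[first_term - 1]):
        first_term -= 1
    out = []
    for i, insn in enumerate(insns):
        # Fence before every load/store in the body, and once before the
        # first branch of the group that ends the block.
        if i == first_term or (i < first_term and touches_memory(insn)):
            out.append("lfence")
        out.append(insn)
    return out


if __name__ == "__main__":
    print("\n".join(insert_fences(SAMPLE_BLOCK)))
```

On the six-instruction sample this inserts three fences, which shows why code dominated by loads and stores pays the heaviest cost.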

In the tests performed, building the BoringSSL package with SESES protection reduced the number of operations the library performs per second by a factor of 14: the library version compiled with protection achieved on average only 7.1% of the performance of the unprotected version (the range, depending on the test, is from 4% to 23%).

For comparison, a mechanism proposed previously for GNU Assembler, which inserts LFENCE after each memory load operation and before some branch instructions, showed a performance decrease of about 5 times (22% of the performance of code without protection). The protection method has also been proposed and implemented by Intel engineers, but performance testing results for it have not yet been published. Initially, the researchers who identified the LVI attack predicted a 2- to 19-fold decrease in performance when applying full protection.

Source: opennet.ru
