> Well it's kernel hardening to guard against possible future speculation > attacks. Linus discussed it here for example: > > https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1580667.html > > For the on/off switch I can add a CONFIG to enable it, even though > it seems somewhat silly.
I did some micro benchmarking now, sampling different real system calls. For the entry code (entry to call) I get on average 62 cycles for the old code, vs 78 cycles with clear regs and full stack frame saving on Skylake. So it's roughly ~20 cycles difference, if we include the restore. I would conclude 20 cycles are not significant for a syscall, so there's not a lot of motivation to add a switch for less security. -Andi
