[PATCH 0/3] arm64: proton-pack: Add Spectre-BSE mitigation for Cortex-A7{2,3,5}

Doebel, Bjoern doebel at amazon.de
Wed Jan 22 13:30:54 PST 2025


Hi,

On 22.01.25 18:47, James Morse wrote:
> Hello!
> 
> Spectre-BSE is a variant of Spectre-BHB that abuses a power-saving mode
> on some older cores to dodge the BHB mitigation applied to the branch predictor.
> 
> Only A72r0 actually needs anything doing - this is basically a bug in the
> published BHB mitigation sequence that was published for A72r0. This
> series moves A72r0 to use the WA1 firmware call for mitigation, and adds
> the necessary reporting parts for user-space to discover which parts of
> BHB/BSE are mitigated or vulnerable.
> 
> WA1 is used instead of WA3 which was new for BHB because we can't rely
> on hypervisors not to use the 'local' workaround, and for Spectre-BSE
> we don't need to worry about discovery via. (Which is why WA3 exists -
> for cores not vulnerable to the issue mitigated by WA1).
> 
> Arm's description of this vulnerability can be found here:
> https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE
> 
> This series is based on arm64/for-next/core, and can be retrieved from:
> https://git.kernel.org/pub/scm/linux/kernel/git/morse/linux.git/log/?h=spectre_bse/v1
> 
> Backports of this version can also be found under spectre_bse/backports
> of the above repo.
> 
> Because this vulnerability is hard to exploit, but the cost of mitigating
> it is high - the mitigation is disabled by default. (see the last
> patch). To enable the mitigation, a command-line argument is needed:
> 'spectre_bse'.

The Amazon Linux kernel team evaluated these patches on EC2 A1 instances 
running Amazon Linux 2 and UnixBench. We can confirm that patch impact 
is significant, especially for syscall overhead.

UnixBench results in comparison to disabled mitigations (AL2, kernel 
5.15, EC2 A1.4xlarge instance):

Dhrystone 2           --  +0.01%
2prec Whetstone       --  +0.01%
Execl throughput      -- +21.39%
File Copy 1024/2000   -- +45.40%
File Copy 256/500     -- +46.52%
File Copy 4096/8000   -- +25.68%
Pipe Throughput       -- +51.46%
Pipe based ctx switch -- +10.91%
Process creation      --  +4.35%
Shell Scripts x1      -- +20.00%
Shell Scripts x8      -- +26.68%
System Call Overhead  -- +55.82%
Total Score           -- +28.36%


Best,
Bjoern



