[PATCH 0/3] arm64: proton-pack: Add Spectre-BSE mitigation for Cortex-A7{2,3,5}
James Morse
james.morse at arm.com
Wed Jan 29 07:16:07 PST 2025
Hi Bjoern,
On 23/01/2025 21:13, Doebel, Bjoern wrote:
>> Spectre-BSE is a variant of Spectre-BHB that abuses a power-saving mode
>> on some older cores to dodge the BHB mitigation applied to the branch predictor.
>>
>> Only A72r0 actually needs anything doing - this is basically a bug in the
>> published BHB mitigation sequence that was published for A72r0. This
>> series moves A72r0 to use the WA1 firmware call for mitigation, and adds
>> the necessary reporting parts for user-space to discover which parts of
>> BHB/BSE are mitigated or vulnerable.
>>
>> WA1 is used instead of WA3 which was new for BHB because we can't rely
>> on hypervisors not to use the 'local' workaround, and for Spectre-BSE
>> we don't need to worry about discovery via. (Which is why WA3 exists -
>> for cores not vulnerable to the issue mititaged by WA1).
>>
>> Arm's description of this vulnerability can be found here:
>> https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE
>>
>> This series is based on arm64/for-next/core, and can be retrieved from:
>> https://git.kernel.org/pub/scm/linux/kernel/git/morse/linux.git/log/?h=spectre_bse/v1
>>
>> Backports of this version can also be found under spectre_bse/backports
>> of the above repo.
>>
>> Because this vulnerability is hard to expoit, but the cost of mitigating
>> it is high - the mitigation is disabled by default. (see the last
>> patch). To enable the mitigation, a command-line argument is needed:
>> 'spectre_bse'.
>
> I see that the patch to introduce this parameter is in the git series you linked above,
> but it is on top of the three patches in this series. Did you intend to send it as patch 4/4?
Yes. Oops. Thanks for point that out!
Thanks,
James
More information about the linux-arm-kernel
mailing list