[PATCH] arm64: set MITIGATE_SPECTRE_BRANCH_HISTORY to n by default
Will Deacon
will at kernel.org
Tue Jul 16 02:03:42 PDT 2024
On Tue, Jul 16, 2024 at 05:51:36PM +0900, Chanho Min wrote:
> lmbench shows 25% performance regression after MITIGATE_SPECTRE_BRANCH_HISTORY
> is enabled. This performance drop may be more significant than mitigating
> the spectre-BHB. This patch changes this security option to disable by default
> and makes it selectable.
>
> - lat_syscall result with MITIGATE_SPECTRE_BRANCH_HISTORY enabled (cortex-a78)
> write call 0.2777 0.2810 0.2824 0.280367
> read call 0.3435 0.3452 0.3443 0.344333
>
> - lat_syscall result with MITIGATE_SPECTRE_BRANCH_HISTORY disabled (cortex-a78)
> write call 0.2101 0.2117 0.2116 0.2111
> read call 0.2732 0.2744 0.2763 0.274633
It's sad, but it's not surprising. Mitigations rarely make things faster.
> Signed-off-by: Chanho Min <chanho.min at lge.com>
> ---
> arch/arm64/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 5d91259ee7b5..be76f425c060 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1626,7 +1626,7 @@ config UNMAP_KERNEL_AT_EL0
>
> config MITIGATE_SPECTRE_BRANCH_HISTORY
> bool "Mitigate Spectre style attacks against branch history" if EXPERT
> - default y
> + default n
> help
> Speculation attacks against some high-performance processors can
> make use of branch history to influence future speculation.
> --
> 2.17.1
It's better to be safe than sorry, so I think it's right to default
this to 'y'. The mitigation can be disabled on the kernel command-line,
e.g. using the "nospectre_bhb" option.
Will
More information about the linux-arm-kernel
mailing list