[0/3] arm64: proton-pack: Add Spectre-BSE mitigation for Cortex-A7{2,3,5}

Message ID 20250122174736.1560714-1-james.morse@arm.com (mailing list archive)

Message

James Morse Jan. 22, 2025, 5:47 p.m. UTC
Hello!

Spectre-BSE is a variant of Spectre-BHB that abuses a power-saving mode
on some older cores to dodge the BHB mitigation applied to the branch predictor.

Only A72r0 actually needs anything doing - this is basically a bug in the
published BHB mitigation sequence that was published for A72r0. This
series moves A72r0 to use the WA1 firmware call for mitigation, and adds
the necessary reporting parts for user-space to discover which parts of
BHB/BSE are mitigated or vulnerable.

WA1 is used instead of WA3 which was new for BHB because we can't rely
on hypervisors not to use the 'local' workaround, and for Spectre-BSE
we don't need to worry about discovery via. (Which is why WA3 exists -
for cores not vulnerable to the issue mitigated by WA1).

Arm's description of this vulnerability can be found here:
https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE

This series is based on arm64/for-next/core, and can be retrieved from:
https://git.kernel.org/pub/scm/linux/kernel/git/morse/linux.git/log/?h=spectre_bse/v1

Backports of this version can also be found under spectre_bse/backports
of the above repo.

Because this vulnerability is hard to exploit, but the cost of mitigating
it is high - the mitigation is disabled by default. (see the last
patch). To enable the mitigation, a command-line argument is needed:
'spectre_bse'.

This series adds more things to the vulnerability reporting file:
| morse@adam:~$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
| Mitigation: CSV2, BHB, but not BSE
or:
| Mitigation: CSV2, BHB, BSE


(KVM maintainers are on CC as this changes which mitigation KVM enables,
 and there is some hypervisor reasoning in the last patch)


Thanks,

James Morse (3):
  arm64: proton-pack: Move the loop and firmware enable sequences into
    helpers
  arm64: proton-pack: Add Spectre-BSE mitigation for Cortex-A7{2,3,5}
  arm64: proton-pack: Prefer WA1 for BHB on Cortex-A72 r0pX

 arch/arm64/include/asm/assembler.h |   4 +-
 arch/arm64/include/asm/spectre.h   |   1 +
 arch/arm64/kernel/proton-pack.c    | 230 +++++++++++++++++++++++------
 3 files changed, 191 insertions(+), 44 deletions(-)
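
The reporting strings and the 'spectre_bse' parameter described in the cover letter can be checked mechanically across a fleet. The script below is an added example, not part of the original posting or the patch series: the function names and state labels are illustrative, and only the two 'Mitigation:' lines and the parameter name are taken from the cover letter.

```shell
#!/bin/sh
# Added example: audit Spectre-BSE reporting on an arm64 host.
# Function names and state labels are illustrative, not from the series.
# Run with --live on the host to read the real files.

# Classify one line read from .../vulnerabilities/spectre_v2.
bse_state() {
    case "$1" in
        *"but not BSE"*)    echo "bhb-only" ;;         # string from the cover letter
        *"but not BHB"*)    echo "bhb-unmitigated" ;;  # BHB itself not mitigated
        "Mitigation:"*BSE*) echo "bse-mitigated" ;;    # string from the cover letter
        "Mitigation:"*BHB*) echo "no-bse-report" ;;    # kernel does not report BSE
        *)                  echo "unknown" ;;          # never guess at other strings
    esac
}

# True if parameter $2 is a whole token (bare or name=value) of command line $1.
# Padding with spaces avoids matching substrings of longer parameter names.
cmdline_has() {
    case " $1 " in
        *" $2 "*|*" $2="*) return 0 ;;
    esac
    return 1
}

# Combine both observations into "<state>/<requested|not-requested>".
# $1: spectre_v2 status line, $2: kernel command line.
audit() {
    if cmdline_has "$2" spectre_bse; then
        req=requested
    else
        req=not-requested
    fi
    echo "$(bse_state "$1")/$req"
}

# Live check only when asked, so the functions can be sourced and tested offline.
if [ "${1:-}" = "--live" ]; then
    audit "$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2)" \
          "$(cat /proc/cmdline)"
fi
```
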

Comments

Doebel, Bjoern Jan. 22, 2025, 9:30 p.m. UTC | #1
Hi,

On 22.01.25 18:47, James Morse wrote:
> Hello!
> 
> Spectre-BSE is a variant of Spectre-BHB that abuses a power-saving mode
> on some older cores to dodge the BHB mitigation applied to the branch predictor.
> 
> Only A72r0 actually needs anything doing - this is basically a bug in the
> published BHB mitigation sequence that was published for A72r0. This
> series moves A72r0 to use the WA1 firmware call for mitigation, and adds
> the necessary reporting parts for user-space to discover which parts of
> BHB/BSE are mitigated or vulnerable.
> 
> WA1 is used instead of WA3 which was new for BHB because we can't rely
> on hypervisors not to use the 'local' workaround, and for Spectre-BSE
> we don't need to worry about discovery via. (Which is why WA3 exists -
> for cores not vulnerable to the issue mitigated by WA1).
> 
> Arm's description of this vulnerability can be found here:
> https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE
> 
> This series is based on arm64/for-next/core, and can be retrieved from:
> https://git.kernel.org/pub/scm/linux/kernel/git/morse/linux.git/log/?h=spectre_bse/v1
> 
> Backports of this version can also be found under spectre_bse/backports
> of the above repo.
> 
> Because this vulnerability is hard to exploit, but the cost of mitigating
> it is high - the mitigation is disabled by default. (see the last
> patch). To enable the mitigation, a command-line argument is needed:
> 'spectre_bse'.

The Amazon Linux kernel team evaluated these patches on EC2 A1 instances 
running Amazon Linux 2 and UnixBench. We can confirm that patch impact 
is significant, especially for syscall overhead.

UnixBench results in comparison to disabled mitigations (AL2, kernel 
5.15, EC2 A1.4xlarge instance):

Dhrystone 2           --  +0.01%
2prec Whetstone       --  +0.01%
Execl throughput      -- +21.39%
File Copy 1024/2000   -- +45.40%
File Copy 256/500     -- +46.52%
File Copy 4096/8000   -- +25.68%
Pipe Throughput       -- +51.46%
Pipe based ctx switch -- +10.91%
Process creation      --  +4.35%
Shell Scripts x1      -- +20.00%
Shell Scripts x8      -- +26.68%
System Call Overhead  -- +55.82%
Total Score           -- +28.36%


Best,
Bjoern

Geoff Blake Jan. 22, 2025, 10:36 p.m. UTC | #2
On Wed, 22 Jan 2025, Doebel, Bjoern wrote:

> Hi,
> 
> On 22.01.25 18:47, James Morse wrote:
> > Hello!
> > 
> > Spectre-BSE is a variant of Spectre-BHB that abuses a power-saving mode
> > on some older cores to dodge the BHB mitigation applied to the branch
> > predictor.
> > 
> > Only A72r0 actually needs anything doing - this is basically a bug in the
> > published BHB mitigation sequence that was published for A72r0. This
> > series moves A72r0 to use the WA1 firmware call for mitigation, and adds
> > the necessary reporting parts for user-space to discover which parts of
> > BHB/BSE are mitigated or vulnerable.
> > 
> > WA1 is used instead of WA3 which was new for BHB because we can't rely
> > on hypervisors not to use the 'local' workaround, and for Spectre-BSE
> > we don't need to worry about discovery via. (Which is why WA3 exists -
> > for cores not vulnerable to the issue mitigated by WA1).
> > 
> > Arm's description of this vulnerability can be found here:
> > https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE
> > 
> > This series is based on arm64/for-next/core, and can be retrieved from:
> > https://git.kernel.org/pub/scm/linux/kernel/git/morse/linux.git/log/?h=spectre_bse/v1
> > 
> > Backports of this version can also be found under spectre_bse/backports
> > of the above repo.
> > 
> > Because this vulnerability is hard to exploit, but the cost of mitigating
> > it is high - the mitigation is disabled by default. (see the last
> > patch). To enable the mitigation, a command-line argument is needed:
> > 'spectre_bse'.
> 
> The Amazon Linux kernel team evaluated these patches on EC2 A1 instances
> running Amazon Linux 2 and UnixBench. We can confirm that patch impact is
> significant, especially for syscall overhead.
> 
> UnixBench results in comparison to disabled mitigations (AL2, kernel 5.15, EC2
> A1.4xlarge instance):
> 
> Dhrystone 2           --  +0.01%
> 2prec Whetstone       --  +0.01%
> Execl throughput      -- +21.39%
> File Copy 1024/2000   -- +45.40%
> File Copy 256/500     -- +46.52%
> File Copy 4096/8000   -- +25.68%
> Pipe Throughput       -- +51.46%
> Pipe based ctx switch -- +10.91%
> Process creation      --  +4.35%
> Shell Scripts x1      -- +20.00%
> Shell Scripts x8      -- +26.68%
> System Call Overhead  -- +55.82%
> Total Score           -- +28.36%
> 
> 
> Best,
> Bjoern
> 

We also conducted full sized workload tests that we consider 
representative of common use cases for A1 instances. The data we see 
shows the impact can be significant depending on workload:

NGINX server configured as a load-balancer: -20%
Memcached loaded so P99 response latency <10ms: -29%
Memcached loaded so P99 response latency <1ms: -2%
Wordpress blog server: -2%

Thanks,
Geoff

Doebel, Bjoern Jan. 23, 2025, 9:13 p.m. UTC | #3
Hi again James,

> Spectre-BSE is a variant of Spectre-BHB that abuses a power-saving mode
> on some older cores to dodge the BHB mitigation applied to the branch predictor.
> 
> Only A72r0 actually needs anything doing - this is basically a bug in the
> published BHB mitigation sequence that was published for A72r0. This
> series moves A72r0 to use the WA1 firmware call for mitigation, and adds
> the necessary reporting parts for user-space to discover which parts of
> BHB/BSE are mitigated or vulnerable.
> 
> WA1 is used instead of WA3 which was new for BHB because we can't rely
> on hypervisors not to use the 'local' workaround, and for Spectre-BSE
> we don't need to worry about discovery via. (Which is why WA3 exists -
> for cores not vulnerable to the issue mitigated by WA1).
> 
> Arm's description of this vulnerability can be found here:
> https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE
> 
> This series is based on arm64/for-next/core, and can be retrieved from:
> https://git.kernel.org/pub/scm/linux/kernel/git/morse/linux.git/log/?h=spectre_bse/v1
> 
> Backports of this version can also be found under spectre_bse/backports
> of the above repo.
> 
> Because this vulnerability is hard to exploit, but the cost of mitigating
> it is high - the mitigation is disabled by default. (see the last
> patch). To enable the mitigation, a command-line argument is needed:
> 'spectre_bse'.

I see that the patch to introduce this parameter is in the git series 
you linked above, but it is on top of the three patches in this series. 
Did you intend to send it as patch 4/4?

Best regards,
Bjoern