Linux 6.1 Adding Option To Disable Spectre-BHB On Arm Due To "Great Impact" On Performance

  • Linux 6.1 Adding Option To Disable Spectre-BHB On Arm Due To "Great Impact" On Performance

    Phoronix: Linux 6.1 Adding Option To Disable Spectre-BHB On Arm Due To "Great Impact" On Performance

    Disclosed back in March was the Spectre-BHB / Branch History Injection (BHI) speculative execution vulnerability that on the Arm side affected CPUs from the likes of the Spectre-A15 through A78 series as well as the likes of the X1, X2, and A710, plus the Neoverse E1 / N1 / N2 / V1 CPUs. Now for Linux 6.1, a command-line option is being added for ARM64 to be able to disable the Spectre-BHB mitigation due to the "great impact" to performance...

    https://www.phoronix.com/news/Linux-...-ARM64-BHI-BHB

  • #2
    Michael
    from the likes of the Spectre-A15 through A78
    Cortex?


    • #3
      Originally posted by leonmaxx
      Michael

      Cortex?
      Whoops, lol. Yes. Thanks.
      Michael Larabel
      https://www.michaellarabel.com/


      • #4
        Does that affect M1, too? Especially considering the benchmarks we saw for the Asahi Linux project on this site?


        • #5
          Do we really need this mitigation for normal users who only use YouTube and Steam and maybe some websites?


          • #6
            Originally posted by Aryma
            Do we really need this mitigation for normal users who only use YouTube and Steam and maybe some websites?
            It depends on attitude. For me, 20% is nothing for better security. On the other hand, cloud providers offer Arm servers as well.


            • #7
              Originally posted by Aryma
              Do we really need this mitigation for normal users who only use YouTube and Steam and maybe some websites?
              If your system runs untrusted code, then yes, there is a danger. This includes JavaScript, so it is possible that just visiting a website could expose your system. There is some work being put into web browsers to address that exposure. That being said, I run with mitigations=off, which disables all of these workarounds. Maybe I'll turn them on when I get a faster box.


              • #8
                Originally posted by tunnelblick
                Does that affect M1, too? Especially considering the benchmarks we saw for the Asahi Linux project on this site?
                No. Apple does not use ARM core IP and instead develops their own microarchitectures.


                • #9
                  Originally posted by Aryma
                  Do we really need this mitigation for normal users who only use YouTube and Steam and maybe some websites?
                  No. There's no known drive-by spectre-javascript-cryptotrojan attack or something similar.
                  But the kernel devs also have to take care of all the big and small hosting providers. I would not bet they would all explicitly set a "mitigationsn" kernel parameter, and exploiting this Spectre/Meltdown stuff to take over a data center is not that hard.


                  • #10
                    Originally posted by Dawn

                    No. Apple does not use ARM core IP and instead develops their own microarchitectures.
                    I feel like this response could easily be misconstrued.

                    Apple is one of several ARM architecture license holders. As Dawn said, they develop their own cores targeting the ARM ISA. Those cores might not be vulnerable to this particular Spectre variant, but all of Apple's designs aren't magically immune to these new speculative execution / side channel / timing attacks that have appeared over the last half decade (time flies doesn't it!). It takes several years for new CPU designs to make it to market, and we've basically been witnessing a game of whack-a-mole over the last few years as new designs have been trying to harden against these attacks.

                    Apple has had to release software mitigations.

                    https://support.apple.com/en-us/HT208394

                    X86 has gotten the lion's share of research for these types of attacks, but more is definitely needed on the ARM side.

                    https://misc0110.net/files/applespectre_dimva22.pdf

                    Comment
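
Several replies turn on whether a machine is actually booted with `mitigations=off` or a per-mitigation switch. The sketch below is an added example, not code from the thread or from the kernel project: it audits a boot command line and the kernel's sysfs status files. The function names are hypothetical, and `nospectre_v2` and `nospectre_bhb` are taken from the kernel's parameter documentation rather than from this page.

```shell
#!/bin/sh
# Added example: flag boot parameters that switch off speculative-execution
# mitigations and list sysfs entries the kernel itself reports as vulnerable.
# On a live system:
#   audit /proc/cmdline /sys/devices/system/cpu/vulnerabilities

# mitigations=off is mentioned in the thread; nospectre_v2 and nospectre_bhb
# are assumptions taken from the kernel's kernel-parameters documentation.
DISABLING_PARAMS="mitigations=off nospectre_v2 nospectre_bhb"

# disabled_params CMDLINE: print each disabling parameter present, in order.
disabled_params() {
    set -f                      # no glob expansion while word-splitting
    for word in $1; do
        for bad in $DISABLING_PARAMS; do
            if [ "$word" = "$bad" ]; then printf '%s\n' "$word"; fi
        done
    done
    set +f
    return 0
}

# vulnerable_entries DIR: print "name: status" for every status file whose
# content begins with "Vulnerable" (others read "Mitigation: ..." or
# "Not affected").
vulnerable_entries() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case $status in
            Vulnerable*) printf '%s: %s\n' "$(basename "$f")" "$status" ;;
        esac
    done
    return 0
}

# audit CMDLINE_FILE VULN_DIR: return 0 when nothing is flagged, otherwise
# print the findings and return 1.
audit() {
    cmdline=$(cat "$1" 2>/dev/null) || cmdline=""
    found=$(disabled_params "$cmdline"; vulnerable_entries "$2")
    if [ -z "$found" ]; then return 0; fi
    printf '%s\n' "$found"
    return 1
}
```

Checking the sysfs files as well as the command line catches hosts where a mitigation is off for a reason other than a boot parameter.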