Linux Preps New AMD ERAPS Feature With EPYC Turin To Benefit Performance
Posted to the Linux kernel mailing list last week and already queued via tip/tip.git's "x86/cpu" Git branch is support for a new AMD CPU feature we haven't heard about until now: ERAPS, the Enhanced Return Address Prediction Security.
AMD ERAPS (Enhanced Return Address Prediction Security) hasn't yet appeared in AMD's public official programming documentation (besides simply noting the bit position of the ERAPS indicator) nor was it mentioned as part of the EPYC 9005 "Turin" series briefings.
AMD ERAPS aims to help recover some of the performance of security mitigations introduced following the Spectre class vulnerabilities over the past several years. ERAPS is a new defense for mitigating certain classes of speculative attacks such as Return Stack Buffer (RSB) poisoning attacks.
The message on the patch allowing the Linux kernel to make use of ERAPS on Turin and future processors further explains:
"Remove explicit RET stuffing / filling on VMEXITs and context switches on AMD CPUs with the ERAPS feature (Zen5).
With the Enhanced Return Address Prediction Security feature, any hardware TLB flush results in flushing of the RSB (aka RAP in AMD spec). This guarantees an RSB flush across context switches. The feature also explicitly tags host and guest addresses - eliminating the need for explicit flushing of the RSB on VMEXIT.
The BTC_NO feature in AMD CPUs ensures RET predictions do not speculate from outside the RSB. Together, the BTC_NO and ERAPS features ensure no flushing or stuffing of the RSB is necessary anymore."
With this AMD ERAPS feature now in TIP's x86/cpu branch, it's likely going to be merged for the upcoming Linux 6.13 cycle.
I will be checking out this new AMD ERAPS enablement for the Linux kernel to see if it provides any measurable benefit to the performance for the new EPYC 9005 series server processors across real-world workloads.