AmpereOne Getting Mitigated Against Spectre-BHB With Linux 6.2

Made public earlier this year was Spectre-BHB / BHI as a speculative execution vulnerability similar to Spectre V2 and affecting Intel and Arm CPUs. At the time Neoverse N2 / N1 / V1 and older cores like Cortex-A15 / A57 / A72 were known to be vulnerable and required software mitigations. The upcoming AmpereOne is also vulnerable to Spectre-BHB and has a patch now on its way to the Linux kernel for mitigating this Spectre class vulnerability.

Spectre-BHB targets the CPU's Branch History Buffer and affects a wide range of Arm cores. Arm's documentation around Spectre-BHB can be found via developer.arm.com.

As soon as Spectre-BHB was made public, the Linux kernel began seeing the mitigation fixes. Meanwhile coming with Linux 6.1 is the "nospectre_bhb" option to disable the mitigation. Alibaba at least found the Spectre-BHB mitigation cost too great that they preferred an option to disable this security protection at least among some of their fleet of Arm servers.

Ampere Computing's next-gen, in-house design Arm core, the AmpereOne, turns out is vulnerable to Spectre-BHB. Though that's not really surprising considering Spectre-BHB was only made public earlier this year and the AmpereOne design was firmed up prior to that point.

Queued up via Arm's "for-next/core" branch is adding AmpereOne to the Spectre-BHB affected list. The patch takes care of opting in the Ampere One to Spectre-BHB software mitigations. It's in "for-next" ahead of the Linux 6.2 merge window in December while may also be backpoted to the Linux stable series given it's a "security" fix. As mentioned there is also the new "nospectre_bhb" option for those wanting to disable this mitigation on affected CPU cores if concerned about the performance penalty.