AmpereOne Getting Mitigated Against Spectre-BHB With Linux 6.2
Spectre-BHB targets the CPU's Branch History Buffer and affects a wide range of Arm cores. Arm's documentation around Spectre-BHB can be found via developer.arm.com.
As soon as Spectre-BHB was made public, the Linux kernel began seeing the mitigation fixes. Meanwhile coming with Linux 6.1 is the "nospectre_bhb" option to disable the mitigation. Alibaba at least found the Spectre-BHB mitigation cost too great that they preferred an option to disable this security protection at least among some of their fleet of Arm servers.
Ampere Computing's next-gen, in-house design Arm core, the AmpereOne, turns out is vulnerable to Spectre-BHB. Though that's not really surprising considering Spectre-BHB was only made public earlier this year and the AmpereOne design was firmed up prior to that point.
Queued up via Arm's "for-next/core" branch is adding AmpereOne to the Spectre-BHB affected list. The patch takes care of opting in the Ampere One to Spectre-BHB software mitigations. It's in "for-next" ahead of the Linux 6.2 merge window in December while may also be backpoted to the Linux stable series given it's a "security" fix. As mentioned there is also the new "nospectre_bhb" option for those wanting to disable this mitigation on affected CPU cores if concerned about the performance penalty.