Ghostbusters - Linux 5.10 To Bring Rewritten Spectre Mitigations For 64-bit ARM
Linux 5.10 is set to bring a major rework to the Spectre mitigation handling for the 64-bit ARM architecture.
Arm Linux developers have been working on "Ghostbusters" as a major rework to the ARM64 mitigation code around Spectre Variant Two and Spectre Variant Four.
The ARM64 Spectre V2 mitigation code was rewritten as it was "pretty unwieldy and hard to maintain. This is largely due to it being written hastily, without much clue as to how things would pan out, and also because it ends up mixing policy and state in such a way that it is very difficult to figure out what's going on. Rewrite the Spectre-v2 mitigation so that it clearly separates state from policy and follows a more structured approach to handling the mitigation."
The Spectre V4 / SSBD kernel code for ARM64 was also rewritten along the same lines as Spectre V2 to clear up the logic and offer better code maintainability.
The "Ghostbusters" code drops various ARM64 kernel configuration (Kconfig) options as they were "too configurable for their own good" while the command line options for disabling mitigations on Linux remain supported. Plus there are a lot of code clean-ups. One new feature of the rewrite is that PR_SPEC_DISABLE_NOEXEC for prctl() is now supported on ARM. This option allows software to temporarily enable the Speculative Store Bypass mitigation only until the next execve() call.
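As an added illustration (not code from the article or from the kernel patches), this is how a process can request the Speculative Store Bypass mitigation with PR_SPEC_DISABLE_NOEXEC and read back its state. The constants are those of the Linux UAPI prctl header; the helper names ssb_state_name, ssb_query and ssb_mitigate_until_exec are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks for older userspace headers; values match the kernel UAPI. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS 0
#define PR_SPEC_PRCTL (1UL << 0)
#define PR_SPEC_ENABLE (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif

/* Decode a PR_GET_SPECULATION_CTRL result (hypothetical helper). */
const char *ssb_state_name(long st)
{
    if (st < 0) return "query failed";
    if (st == 0) return "not affected";
    if (st & PR_SPEC_FORCE_DISABLE) return "mitigated (forced)";
    if (st & PR_SPEC_DISABLE_NOEXEC) return "mitigated until execve";
    if (st & PR_SPEC_DISABLE) return "mitigated";
    if (st & PR_SPEC_ENABLE) return "speculation allowed";
    return "unknown";
}

/* Current SSB state of the calling thread, or -errno on failure. */
long ssb_query(void)
{
    long st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    return st < 0 ? -errno : st;
}

/* Turn the SSB mitigation on for this thread; the kernel clears the
 * setting at the next execve(). Returns 0 or -errno (for example when
 * the kernel's policy does not allow per-task control). */
int ssb_mitigate_until_exec(void)
{
    return prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS,
                 PR_SPEC_DISABLE_NOEXEC, 0, 0) < 0 ? -errno : 0;
}

int main(void)
{
    printf("before: %s\n", ssb_state_name(ssb_query()));
    int rc = ssb_mitigate_until_exec();
    if (rc) printf("set failed: %s\n", strerror(-rc));
    printf("after:  %s\n", ssb_state_name(ssb_query()));
    return 0;
}
```

A failed set call is a normal outcome on kernels or boot configurations where the mitigation is not under per-task prctl control, so callers should check the return value rather than assume the mitigation is active.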
This Ghostbusters rewrite of the Spectre mitigation code is now in the "for-next/core" Git branch of ARM 64-bit development ahead of the Linux 5.10 merge window. There shouldn't be any performance changes from this rewritten Spectre mitigation code, but we'll run some fresh Linux 5.10 ARM64 benchmarks when the cycle gets underway. Let's hope though that this restructuring of the Spectre code nearly three years later is being done genuinely just to clean up the codebase and not for other motives like preparing for new mitigations.