Linux 6.1 Adding Option To Disable Spectre-BHB On Arm Due To "Great Impact" On Performance

Written by Michael Larabel in Arm on 11 September 2022 at 11:55 AM EDT. 16 Comments
Disclosed back in March was the Spectre-BHB / Branch History Injection (BHI) speculative execution vulnerability that on the Arm side affected CPUs from the likes of the Cortex-A15 through A78 series as well as the likes of the X1, X2, and A710, plus the Neoverse E1 / N1 / N2 / V1 CPUs. Now for Linux 6.1, a command-line option is being added for ARM64 to be able to disable the Spectre-BHB mitigation due to the "great impact" to performance.

The vulnerability is similar to Spectre V2 but exploiting the CPU's Branch History Buffer and was discovered by security researchers from Vrije Universiteit Amsterdam. Spectre-BHB / BHI was disclosed in early March and saw same-day Linux kernel mitigation patches for Arm and Intel CPUs.

The Arm mitigation added the MITIGATE_SPECTRE_BRANCH_HISTORY option to control at build-time whether to mitigate against Spectre-BHB, but there wasn't any run-time option for controlling the behavior at boot-time.

Now that the kernel mitigations have been part of the kernel for several months and various enterprise users begin moving to patched kernels, at least Alibaba is finding the mitigation to be too great of a performance impact.

Queued via ARM64's for-next/misc branch as of Friday is the ability to turn-off the Spectre-BHB mitigation at run-time while leaving other CPU security mitigations active.

The queued patch ahead of the Linux 6.1 kernel merge window allows disabling the Spectre-BHB mitigation at boot-time using the nospectre_bhb kernel option.

The Alibaba engineer who authored the patch summed things up with this commit message:
In our environment, it was found that the mitigation BHB has a great impact on the benchmark performance. For example, in the lmbench test, the "process fork && exit" test performance drops by 20%. So it is necessary to have the ability to turn off the mitigation individually through cmdline, thus avoiding having to compile the kernel by adjusting the config.

Only the lmbench impact number was shared while presumably other relevant workloads are also impacted, particularly real-world work, given Alibaba's interest in seeing this run-time option.

Arm engineer Catalin Marinas picked up this patch while commenting, "If people want to disable this mitigation and know what they are doing, I have no objection" and was seconded by longtime Arm Linux engineer Will Deacon. Besides appearing in Linux 6.1, it's also possible (and likely) the option in turn will be back-ported to existing kernel stable series too with time.

The list of affected Arm processors and other details on Spectre-BHB can be found at Additional information on the Spectre-BHB / Branch History Injection vulnerability itself can be found via the VUsec project site.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week