Linux Lands Mitigations For Spectre-BHB / BHI On Intel & Arm, Plus An AMD Change Too
Within minutes of the BHI speculative execution vulnerability going public, patches were merged into the mainline Linux kernel Git tree for mitigating this offshoot of Spectre V2. The Intel and Arm processors affected by BHI (also referred to as Spectre-BHB) now have mitigations, and one change also affects AMD processors.
The Arm Spectre BHB mitigations for 32-bit kernels on Arm were merged. This affects Arm Cortex A15, A57, A72, A73, A75, and Brahma B15. The Arm 32-bit mitigations are over 400 lines of new kernel code making multiple changes to the kernel.
There are also the 64-bit Arm kernel changes, at roughly 800 lines of code. The changes there make the EL1 vectors per-CPU, add mitigation sequences to the EL1/EL2 vectors on vulnerable CPUs, add a workaround for KVM guests, and add reporting on vulnerable CPUs when unprivileged eBPF is enabled.
Lastly, there are the x86/x86_64 BHI mitigations. These mitigate the Spectre-BHB/BHI attacks on systems that support eIBRS and also update the documentation and warnings. The x86/x86_64 work adds retpoline and LFENCE capabilities on top of the eIBRS hardware mitigation. "Mitigate Spectre v2-type Branch History Buffer attacks on machines which support eIBRS, i.e., the hardware-assisted speculation restriction after it has been shown that such machines are vulnerable even with the hardware mitigation."
Also notable in this pull request: AMD systems no longer default to LFENCE-based Spectre V2 mitigations but rather to the generic Retpolines implementation.
These changes were all merged this afternoon into Linux 5.17 Git mainline. The patches should also be backported to the various supported stable Linux kernel series and distribution kernels in short order. The main attack vector known so far for BHI is unprivileged eBPF usage, so it's recommended that unprivileged eBPF support be disabled.
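To check a host against that recommendation, the following sketch (an added example, not code from the kernel patches or from this article's author) combines the kernel's Spectre V2 status line with the unprivileged eBPF sysctl. The function name and verdict strings are made up for illustration; the two paths are the standard sysfs/procfs locations.

```shell
#!/bin/sh
# Added example: classify BHI exposure from two kernel-exported values.
#   $1 = contents of /sys/devices/system/cpu/vulnerabilities/spectre_v2
#   $2 = value of kernel.unprivileged_bpf_disabled
#        (0 = unprivileged eBPF allowed, 1 or 2 = disabled)
# assess_bhi and its verdict strings are hypothetical names for this sketch.
assess_bhi() {
    status=$1
    bpf=$2
    case "$status" in
        # Match on the leading word only: later fields on the same line
        # may carry their own sub-status text.
        Vulnerable*)
            echo "vulnerable" ;;
        "Not affected"*)
            echo "not-affected" ;;
        Mitigation*)
            # Mitigated in the kernel's view, but unprivileged eBPF is the
            # main known BHI vector, so flag it when it is still allowed.
            case "$bpf" in
                0)   echo "mitigated-ebpf-open" ;;
                1|2) echo "mitigated" ;;
                *)   echo "unknown" ;;
            esac ;;
        *)
            echo "unknown" ;;
    esac
}

# Evaluate the running system; fall back to "unknown" when a file is absent
# (older kernel, non-Linux host, restricted container).
sysfs=/sys/devices/system/cpu/vulnerabilities/spectre_v2
proc=/proc/sys/kernel/unprivileged_bpf_disabled
live_status=$(cat "$sysfs" 2>/dev/null || echo unknown)
live_bpf=$(cat "$proc" 2>/dev/null || echo unknown)
echo "this host: $(assess_bhi "$live_status" "$live_bpf")"
```

A result of `mitigated-ebpf-open` or `vulnerable` is the cue to set `kernel.unprivileged_bpf_disabled` to a non-zero value; note that the value 1 cannot be reverted without a reboot.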
Fresh Spectre mitigation benchmarks coming up shortly.