lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Aug 2022 11:39:59 +0100 From: Will Deacon <will@...nel.org> To: Liu Song <liusong@...ux.alibaba.com> Cc: catalin.marinas@....com, james.morse@....com, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually On Fri, Aug 05, 2022 at 05:21:14PM +0800, Liu Song wrote: > From: Liu Song <liusong@...ux.alibaba.com> > > In our environment, it was found that the mitigation BHB has a great > impact on the benchmark performance. For example, in the lmbench test, > the "process fork && exit" test performance drops by 20%. > So it is necessary to have the ability to turn off the mitigation > individually through cmdline, thus avoiding having to compile the > kernel by adjusting the config. > > Signed-off-by: Liu Song <liusong@...ux.alibaba.com> > --- > arch/arm64/kernel/proton-pack.c | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c > index 40be3a7..bd16903 100644 > --- a/arch/arm64/kernel/proton-pack.c > +++ b/arch/arm64/kernel/proton-pack.c > @@ -988,6 +988,14 @@ static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot) > isb(); > } > > +static bool __read_mostly __nospectre_bhb; > +static int __init parse_spectre_bhb_param(char *str) > +{ > + __nospectre_bhb = true; > + return 0; > +} > +early_param("nospectre_bhb", parse_spectre_bhb_param); > + > void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry) > { > bp_hardening_cb_t cpu_cb; > @@ -1001,7 +1009,7 @@ void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry) > /* No point mitigating Spectre-BHB alone. */ > } else if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY)) { > pr_info_once("spectre-bhb mitigation disabled by compile time option\n"); > - } else if (cpu_mitigations_off()) { > + } else if (cpu_mitigations_off() || __nospectre_bhb) { > pr_info_once("spectre-bhb mitigation disabled by command line option\n"); > } else if (supports_ecbhb(SCOPE_LOCAL_CPU)) { > state = SPECTRE_MITIGATED; It would be good to have an Ack (or a shrug) from somebody @arm.com on this one. Other than that, the documentation needs updating for the new option. Will
Powered by blists - more mailing lists