lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 26 Aug 2022 11:39:59 +0100
From:   Will Deacon <will@...nel.org>
To:     Liu Song <liusong@...ux.alibaba.com>
Cc:     catalin.marinas@....com, james.morse@....com,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] arm64: spectre: increase parameters that can be used to
 turn off bhb mitigation individually

On Fri, Aug 05, 2022 at 05:21:14PM +0800, Liu Song wrote:
> From: Liu Song <liusong@...ux.alibaba.com>
> 
> In our environment, it was found that the mitigation BHB has a great
> impact on the benchmark performance. For example, in the lmbench test,
> the "process fork && exit" test performance drops by 20%.
> So it is necessary to have the ability to turn off the mitigation
> individually through cmdline, thus avoiding having to compile the
> kernel by adjusting the config.
> 
> Signed-off-by: Liu Song <liusong@...ux.alibaba.com>
> ---
>  arch/arm64/kernel/proton-pack.c | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
> index 40be3a7..bd16903 100644
> --- a/arch/arm64/kernel/proton-pack.c
> +++ b/arch/arm64/kernel/proton-pack.c
> @@ -988,6 +988,14 @@ static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot)
>  	isb();
>  }
>  
> +static bool __read_mostly __nospectre_bhb;
> +static int __init parse_spectre_bhb_param(char *str)
> +{
> +	__nospectre_bhb = true;
> +	return 0;
> +}
> +early_param("nospectre_bhb", parse_spectre_bhb_param);
> +
>  void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry)
>  {
>  	bp_hardening_cb_t cpu_cb;
> @@ -1001,7 +1009,7 @@ void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry)
>  		/* No point mitigating Spectre-BHB alone. */
>  	} else if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY)) {
>  		pr_info_once("spectre-bhb mitigation disabled by compile time option\n");
> -	} else if (cpu_mitigations_off()) {
> +	} else if (cpu_mitigations_off() || __nospectre_bhb) {
>  		pr_info_once("spectre-bhb mitigation disabled by command line option\n");
>  	} else if (supports_ecbhb(SCOPE_LOCAL_CPU)) {
>  		state = SPECTRE_MITIGATED;

It would be good to have an Ack (or a shrug) from somebody @arm.com on this
one.

Other than that, the documentation needs updating for the new option.

Will

Powered by blists - more mailing lists