| Message ID | 20240716085136.4160-1-chanho.min@lge.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm64: set MITIGATE_SPECTRE_BRANCH_HISTORY to n by default | expand |
On Tue, Jul 16, 2024 at 05:51:36PM +0900, Chanho Min wrote: > lmbench shows 25% performance regression after MITIGATE_SPECTRE_BRANCH_HISTORY > is enabled. This performance drop may be more significant than mitigating > the spectre-BHB. This patch changes this security option to disable by default > and makes it selectable. > > - lat_syscall result with MITIGATE_SPECTRE_BRANCH_HISTORY enabled (cortex-a78) > write call 0.2777 0.2810 0.2824 0.280367 > read call 0.3435 0.3452 0.3443 0.344333 > > - lat_syscall result with MITIGATE_SPECTRE_BRANCH_HISTORY disabled (cortex-a78) > write call 0.2101 0.2117 0.2116 0.2111 > read call 0.2732 0.2744 0.2763 0.274633 It's sad, but it's not surprising. Mitigations rarely make things faster. > Signed-off-by: Chanho Min <chanho.min@lge.com> > --- > arch/arm64/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 5d91259ee7b5..be76f425c060 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1626,7 +1626,7 @@ config UNMAP_KERNEL_AT_EL0 > > config MITIGATE_SPECTRE_BRANCH_HISTORY > bool "Mitigate Spectre style attacks against branch history" if EXPERT > - default y > + default n > help > Speculation attacks against some high-performance processors can > make use of branch history to influence future speculation. > -- > 2.17.1 It's better to be safe than sorry, so I think it's right to default this to 'y'. The mitigation can be disabled on the kernel command-line, e.g. using the "nospectre_bhb" option. Will
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 5d91259ee7b5..be76f425c060 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1626,7 +1626,7 @@ config UNMAP_KERNEL_AT_EL0 config MITIGATE_SPECTRE_BRANCH_HISTORY bool "Mitigate Spectre style attacks against branch history" if EXPERT - default y + default n help Speculation attacks against some high-performance processors can make use of branch history to influence future speculation.
lmbench shows 25% performance regression after MITIGATE_SPECTRE_BRANCH_HISTORY is enabled. This performance drop may be more significant than mitigating the spectre-BHB. This patch changes this security option to disable by default and makes it selectable. - lat_syscall result with MITIGATE_SPECTRE_BRANCH_HISTORY enabled (cortex-a78) write call 0.2777 0.2810 0.2824 0.280367 read call 0.3435 0.3452 0.3443 0.344333 - lat_syscall result with MITIGATE_SPECTRE_BRANCH_HISTORY disabled (cortex-a78) write call 0.2101 0.2117 0.2116 0.2111 read call 0.2732 0.2744 0.2763 0.274633 Signed-off-by: Chanho Min <chanho.min@lge.com> --- arch/arm64/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)