arm64: spectre: increase parameters that can be used to turn off bhb mitigation indiv...

[ Upstream commit 877ace9eab7de032f954533afd5d1ecd0cf62eaf ]

In our environment, it was found that the mitigation BHB has a great
impact on the benchmark performance. For example, in the lmbench test,
the "process fork && exit" test performance drops by 20%.
So it is necessary to have the ability to turn off the mitigation
individually through cmdline, thus avoiding having to compile the
kernel by adjusting the config.

Signed-off-by: Liu Song <liusong@linux.alibaba.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/1661514050-22263-1-git-send-email-liusong@linux.alibaba.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Pu Lehui <pulehui@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 88110e74b3f7a25f68333522a3d327b4eb6690cb..1eff151699830dd5307cc2afa1ea78778ea28c79 100644 (file)
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2954,6 +2954,7 @@
                                               spec_store_bypass_disable=off [X86,PPC]
                                               spectre_v2_user=off [X86]
                                               ssbd=force-off [ARM64]
+                                              nospectre_bhb [ARM64]
                                               tsx_async_abort=off [X86]
 
                                Exceptions:
@@ -3367,6 +3368,10 @@
                        vulnerability. System may allow data leaks with this
                        option.
 
+       nospectre_bhb   [ARM64] Disable all mitigations for Spectre-BHB (branch
+                       history injection) vulnerability. System may allow data leaks
+                       with this option.
+
        nospec_store_bypass_disable
                        [HW] Disable all mitigations for the Speculative Store Bypass vulnerability
 

diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
index 223527066a4f727318844933a6bf8279694f0729..7728026d98f75b7f7c693ef8284957fa727dd9fe 100644 (file)
--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -1088,6 +1088,13 @@ static void kvm_setup_bhb_slot(const char *hyp_vecs_start) { }
 #endif /* CONFIG_KVM */
 
 static bool spectre_bhb_fw_mitigated;
+static bool __read_mostly __nospectre_bhb;
+static int __init parse_spectre_bhb_param(char *str)
+{
+       __nospectre_bhb = true;
+       return 0;
+}
+early_param("nospectre_bhb", parse_spectre_bhb_param);
 
 void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry)
 {
@@ -1100,7 +1107,7 @@ void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry)
                /* No point mitigating Spectre-BHB alone. */
        } else if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY)) {
                pr_info_once("spectre-bhb mitigation disabled by compile time option\n");
-       } else if (cpu_mitigations_off()) {
+       } else if (cpu_mitigations_off() || __nospectre_bhb) {
                pr_info_once("spectre-bhb mitigation disabled by command line option\n");
        } else if (supports_ecbhb(SCOPE_LOCAL_CPU)) {
                state = SPECTRE_MITIGATED;