From 5ad6d9e8940d552ecb05602166a251df8dc4e12e Mon Sep 17 00:00:00 2001 From: Danny Lin Date: Wed, 31 Jul 2019 19:20:31 -0700 Subject: [PATCH] miatoll_defconfig: Disable redundant Spectre variant 2 mitigations Our big and Prime clusters are currently getting software mitigations for Spectre variant 2 (CVE-2017-5715) applied through Trusted Firmware despite the presence of Arm v8.5-A hardware mitigations. Disable the software mitigations since they're redundant and are only hurting performance. Details and analysis: The Kryo cores used in the aforementioned clusters are semi-custom Cortex-A76 derivatives [1]. According to Arm, newer revisions of their reference Cortex-A76 designs (r3p0 and newer) are immune to Spectre v2 thanks to hardware mitigations implemented as part of Arm v8.5-A [2]. While I was unable to locate a working Spectre v2 PoC for AArch64, Arm's overview suggests that the v2 and v3(a) mitigations come together as part of the single Arm v8.5-A update [3], so we can test for whether the cores are susceptible to v2 by testing for their susceptibility to v3 and/or v3a. This is helpful because there *is* a public and working Spectre v3a PoC for AArch64 on GitHub [4]. Running the PoC revealed no conclusive successes for the v3 exploit, which should mean that our cores are also not vulnerable to Spectre v2. Variants 1 and 4 was not considered because Arm's documentation states that v1 and v4 mitigations are completely unrelated to those for v2 [5]. All PoC runs were conducted within a regular Android app's context with the app's processes locked to the big and Prime clusters (CPUs 4-7), since Arm states that the little cluster's cores (Cortex-A55) are not affected by any variants of Spectre [2]. [1] https://en.wikichip.org/wiki/qualcomm/snapdragon_800/855 [2] https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Security%20update%2010%20September%2018/Kernel_Mitigations_Detail_v1.7.pdf?revision=730b8541-ca91-4fde-a2bb-4093054748ae [3] https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability [4] https://github.com/lgeek/spec_poc_arm [5] https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Security%20update%2010%20September%2018/Kernel_Mitigations_Detail_v1.7.pdf?revision=730b8541-ca91-4fde-a2bb-4093054748ae Signed-off-by: Danny Lin Change-Id: I4411899b7da9a7e1899ea7532e922c40bb077ab1 --- arch/arm64/configs/vendor/pixel_experience-a52q_defconfig | 2 +- arch/arm64/configs/vendor/pixel_experience-a72q_defconfig | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/configs/vendor/pixel_experience-a52q_defconfig b/arch/arm64/configs/vendor/pixel_experience-a52q_defconfig index 51f5b0acf487..9116a6e53b61 100755 --- a/arch/arm64/configs/vendor/pixel_experience-a52q_defconfig +++ b/arch/arm64/configs/vendor/pixel_experience-a52q_defconfig @@ -640,7 +640,7 @@ CONFIG_FORCE_MAX_ZONEORDER=11 # CONFIG_UNMAP_KERNEL_AT_EL0 is not set CONFIG_HARDEN_BRANCH_PREDICTOR=y # CONFIG_PRINT_VMEMLAYOUT is not set -CONFIG_ARM64_SSBD=y +# CONFIG_HARDEN_BRANCH_PREDICTOR is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARMV8_DEPRECATED=y CONFIG_SWP_EMULATION=y diff --git a/arch/arm64/configs/vendor/pixel_experience-a72q_defconfig b/arch/arm64/configs/vendor/pixel_experience-a72q_defconfig index 6019d5962528..4152824644a4 100644 --- a/arch/arm64/configs/vendor/pixel_experience-a72q_defconfig +++ b/arch/arm64/configs/vendor/pixel_experience-a72q_defconfig @@ -637,7 +637,7 @@ CONFIG_FORCE_MAX_ZONEORDER=11 # CONFIG_UNMAP_KERNEL_AT_EL0 is not set CONFIG_HARDEN_BRANCH_PREDICTOR=y # CONFIG_PRINT_VMEMLAYOUT is not set -CONFIG_ARM64_SSBD=y +# CONFIG_HARDEN_BRANCH_PREDICTOR is not set CONFIG_ARM64_TAGGED_ADDR_ABI=y CONFIG_ARMV8_DEPRECATED=y CONFIG_SWP_EMULATION=y