All of the ARM64 changes were merged this week to the Linux 6.15 kernel for enhancing the 64-bit ARM processor support.
Linux 6.15 on the ARM64 architecture side adds SMT run-time controls for those running the rare ARM processors that support Simultaneous Multi-Threading. Now like x86_64 and other architectures, the SMT status can be toggled at run-time thanks to that work by HiSilicon.
With a change made by a Google engineer, Linux ARM64 will now assume AArch64 processors are vulnerable to the Spectre-BHB (Branch History Injection) vulnerability by default if they are unknown or aren’t otherwise marked as safe from Spectre-BHB. As explained in the prior patch series that is now merged for Linux 6.15:
“The code for detecting CPUs that are vulnerable to Spectre BHB was based on a hardcoded list of CPU IDs that were known to be affected. Unfortunately, the list mostly only contained the IDs of standard ARM cores. The IDs for many cores that are minor variants of the standard ARM cores (like many Qualcomm Kyro CPUs) weren’t listed. This led the code to assume that those variants were not affected.
Flip the code on its head and instead list CPU IDs for cores that are known to be _not_ affected. Now CPUs will be assumed vulnerable until added to the list saying that they’re safe.
As of right now, the only CPU IDs added to the “unaffected” list are ARM Cortex A35, A53, and A55. This list was created by looking at older cores listed in cputype.h that weren’t listed in the “affected” list previously.
Unfortunately, while this solution is better than what we had before, it’s still an imperfect solution. Specifically there are two ways to mitigate Spectre BHB and one of those ways is parameterized with a “k” value indicating how many loops are needed to mitigate. If we have an unknown CPU ID then we’ve got to guess about how to mitigate it. Since more cores seem to be mitigated by looping (and because it’s unlikely that the needed FW code will be in place for FW mitigation for unknown cores), we’ll choose looping for unknown CPUs and choose the highest “k” value of 32.
The downside of our guessing is that some CPUs may now report as “mitigated” when in reality they should need a firmware mitigation. We’ll choose to put a WARN_ON splat in the logs in this case any time we had to make a guess since guessing the right mitigation is pretty awful. Hopefully this will encourage CPU vendors to add their CPU IDs to the list.”
This Spectre-BHB change for ARM64 cores is also marked for back-porting to existing Linux kernel stable series pre-6.15. For more background reading on the topic: Some Qualcomm CPUs Left Exposed To Spectre Vulnerabilities On Mainline Linux.
The ARM64 code for Linux 6.15 also adds Arm “Rainier” CPU PMU support, support for partial virtualization of the Apple M1 PMU, MOPS memcpy/memset support for uaccess routines, and CPU type information reporting for some Qualcomm Kryo cores. More details for those interested via this pull.