Branch History Injection (BHI), a new flavor of the Spectre-v2 vulnerability that affects both new and old Intel processors and specific Arm models, recently came to light. Linux publication Phoronix conducted testing that shows the new BHI mitigations could produce severe performance penalties up to 35%.
Intel will release a software update for its processors to mitigate BHI, but it may take a while since processors starting from Haswell going forward are vulnerable to the exploit. However, the Linux community was quick to act, and mitigations for BHI already formed a part of the Linux kernel in a matter of minutes after BHI's announcement.
VUSec, the Systems and Network Security Group at Vrije Universiteit Amsterdam, which discovered BHI, recommended enabling Retpolines (return trampolines) to mitigate it. The recommendation stands even for modern processors that already carry the hardware mitigations for Spectre v2. In Intel's case, that is eIBRS, but as the VUSec researchers highlighted, eIBRS alone isn't enough to fight off BHI, which is why eIBRS and Retpolines need to work in tandem.
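The practical question for an administrator is whether the running kernel actually has Retpolines in effect next to eIBRS, or is still relying on eIBRS alone. The Linux kernel reports its Spectre v2 mitigation state under sysfs, and the script below (an added example, not code from the article, VUSec or Phoronix) classifies that status line. The sysfs path is the kernel's standard interface; the sample lines are constructed to resemble kernel output rather than captured from a real host, and the category names are this script's own.

```shell
#!/bin/sh
# Added example: classify the Spectre v2 mitigation line the Linux kernel
# exposes under sysfs, so an admin can see whether Retpolines are actually
# active alongside eIBRS. Sample lines below are constructed, not captured.

SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS_LINE
# Prints one of: not-affected, vulnerable, retpoline, eibrs-only, other
classify_spectre_v2() {
    line=$1
    case "$line" in
        "Not affected"*)            echo not-affected ;;
        Vulnerable*)                echo vulnerable ;;
        Mitigation:*Retpoline*)     echo retpoline ;;   # Retpolines present, with or without eIBRS
        Mitigation:*Enhanced*IBRS*) echo eibrs-only ;;  # hardware mitigation alone, the case the article warns about
        *)                          echo other ;;
    esac
}

# read_spectre_v2_status: print the live kernel line, or "unavailable" when
# the sysfs file is not readable (non-Linux host, or restricted container).
read_spectre_v2_status() {
    if [ -r "$SPECTRE_V2_SYSFS" ]; then
        cat "$SPECTRE_V2_SYSFS"
    else
        echo "unavailable"
    fi
}

# Constructed sample lines modelled on the kernel's reporting format.
SAMPLE_EIBRS="Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling"
SAMPLE_RETPOLINE="Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling"
SAMPLE_VULN="Vulnerable: eIBRS with unprivileged eBPF"

# Demo: classify the constructed samples, then whatever this host reports.
for sample in "$SAMPLE_EIBRS" "$SAMPLE_RETPOLINE" "$SAMPLE_VULN"; do
    printf '%-12s <- %s\n' "$(classify_spectre_v2 "$sample")" "$sample"
done
live=$(read_spectre_v2_status)
printf '%-12s <- %s (live)\n' "$(classify_spectre_v2 "$live")" "$live"
```

A result of `eibrs-only` on an affected Intel part is the configuration the article describes as insufficient; the kernel's Retpoline modes show up as `retpoline`, and a `vulnerable` result means the kernel itself has judged the current mitigation inadequate.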
According to Phoronix's Core i9-12900K (Alder Lake) results, networking and storage performance went down the toilet after enabling Retpolines. The publication recorded a 26.7% performance loss on the former and 14.5% on the latter. That's the hallmark of these mitigations: Any external I/O from the chip takes a hard hit. Workloads like web browsing or image manipulation in GIMP didn't show a huge impact.
The Core i7-1185G7 (Tiger Lake) took an even more detrimental hit to storage performance. The results showed 35.6% and 34.1% lower performance in OSBench and Flexible IO Tester, respectively. But again, workloads that don't rely on I/O or networking didn't show significant performance loss. These include gaming, web browsing, and other daily tasks.
Phoronix noted that AMD processors aren't safe from BHI even though modern Zen chips already leverage Retpolines. The problem is that AMD's LFENCE/JMP-based implementation of Retpolines isn't good enough to fend off BHI, so the chipmaker is shifting to general Retpolines. The impact of the transition for AMD processors is unknown, but Phoronix is already conducting new tests to find out.
It's possible Intel and other software developers will be able to reduce the impact of the BHI mitigations with additional time and effort, but for the time being, enabling the patches could prove very painful on servers and other systems that do a lot of I/O intensive work.