Power ISA improvements in 5.2 (and a Raptor tease)


I'm catching up on all the stuff while I was semi-off-grid, and among them is kernel 5.2, which was declared released on July 7 and should be reaching your distribution soooooon (though Fedora 30 on this Talos II is still at 5.1.x as of this writing). Big general improvements are Sound Open Firmware, which is not an audio player for the ok prompt but rather open source firmware for audio devices, a (hopefully better) new mount(2) interface with new syscalls, performance improvements to the Budget Fair Queuing (BFQ) I/O scheduler, and additional CPU information leak protections using an architecture-independent mitigations= command line argument (it works on Power machines too, as well as x86, x86_64, ARM64 and s390). On PowerPC and 64-bit Power, mitigations=off sets nopti,nospectre_v1,nospectre_v2,spec_store_bypass_disable=off which respectively disable mitigations for user/kernel page table isolation (i.e., Meltdown), Spectre versions 1 and 2, and speculative storage bypass. If set to auto, the default, then these mitigations are enabled in the kernel along with (on POWER8 and POWER9) mitigating SSB by inserting a store-forwarding barrier when entering and leaving kernel context. The particularly paranoid can set auto,nosmt to take the hit against L1TF and MDS attacks, but currently this disables SMT only on x86, because Power doesn't suck. ;)

Power-specific changes include the long-awaited (at least by me) YOLO DAWR support on POWER9, as well as support for Kernel Userspace Access/Execution Prevention (KUAP and KUEP). KUP features collectively are analogous to Intel Supervisor Mode Access Prevention (though I like this SMAP better) and prevent the kernel from accidentally accessing userspace outside copy_to/from_user() and/or executing code in userspace. Support is somewhat varied: most 32-bit CPUs except the 400, 440 and e500 series support both KUAP and KUEP (though the poor old PowerPC 601 lacks an NX segment bit, so no KUEP), but KUP on 64-bit Power currently requires the radix MMU, meaning only POWER9 CPUs in radix mode. You can see if your CPU is supported in this list, looking for CPU_HAVE_KUAP and CPU_HAVE_KUEP.

Meanwhile, who says 32-bit PowerPC is dead? 5.2 also adds 32-bit support for the Kernel Address Sanitizer (KASAN), further improving security, and some significant performance improvements to 32-bit syscall overhead (up to 12-17% improvement on the the null_syscall benchmark).

Although I won't be able to make OpenPOWER this year in San Diego, Raptor is going, and is teasing a new POWER9 product announcement. However, I will be at Vintage Computer Festival West exhibiting some of my PowerPC, PA-RISC and SPARC laptops and portable workstations. If you're going to be near the Computer History Museum in Mountain View (near the Google Death Star) on August 3 or 4, drop by, say hi, and play with the toys.

Comments

  1. To go along with the Raptor tease, what about making a post about "POWER ISA and the state of Libre Operating Systems"? For now, no FSF-endorsed system exists for PowerPC or POWER... but it seems they are slowly crawling towards that direction, with Trisquel 9 supposed to support PPC64le, and Parabola GNU/Linux already is distributing demos (which require people to test it out on their Talos/Blackbird and report back for potential bugs): https://mirror.grapentin.org/parabola-ports/powerpc64le/

    List of FSF-endorsed systems: https://www.gnu.org/distros/free-distros.en.html
    (All x86, with only Parabola also supporting something else, which is... ARM.)

    For big-endian PPC and PPC64, though, to my knowledge Debian is the ONLY operating system EVER that is 100% blob-free, and "libre-able", even if they didn't earn FSF's approval. Although even that is falling behind now, as Debian moved on to PPC64le for new versions. Well, at least SOME form of PowerPC has a 100% libre future, even if that future doesn't include our PowerPC Macs. :|

    ReplyDelete

Post a Comment

Comments are subject to moderation. Be nice.