Are the Sitara processors subject to the Spectre attack? More curious than seriously wondering as it seems the Raspberry Pi folks don’t think they’re susceptible to the attack.
It depends on the CPU core. Generally speaking, the out-of-order pipeline cores like Cortex-A9 (in AM437x) or Cortex-A15 (in AM57x, BeagleBoard X15) are affected by this, but in-order cores like the old ARM9 (used in AM18x, OMAP1 and most DaVinci products) are totally safe, same as the ARM11, Cortex-A7 and Cortex-A53 used in the Raspberry-Pi chips.
I’m not sure about the Cortex-A8 used in OMAP3xxx and AM3xxx: This is what most BeagleBone/BeagleBoard use, and thy also use in-order pipelines, but https://developer.arm.com/support/security-update does list it as affected anyway.
I believe branch prediction would be a prerequisite for a core to be vulnerable to Spectre.
The ARM Cortex-A8 is interesting in that it does not do out-of-order execution, but it does in-order dual instruction issue with advanced dynamic branch prediction.
This quote from the @Texas_Instruments wiki makes it sound like ARM Cortex-A8 was trying to balance complexity and performance: high-frequency design with out-of-order performance, but in-order clock frequency and power consumption
None from me. Just surprising. Will confirm.
Checking to see if we are ready for official communication. That said, see http://lists.infradead.org/pipermail/linux-arm-kernel/2018-January/552243.html
Looking at the patches proposed for armv7, it seems cortex a8 always required a btb invalidation on a mm switch, so the attack surface might at least be smaller. I don’t quite know which attack vector the invalidate on fatal signal covers, though.
You know what bothers me? Nobody yet looked what exploits might be possible through utilizing the NEON unit in addition to the ARM core…
Does the VFP provide additional risk?
Well, the NEON unit is actually an independent coprocessor that runs in parallel to the ARM core and I wonder what type of additional attack vectors that would open if you’d train the branch predictor to execute NEON instructions speculatively - or if you mounted a meltdown attack reading kernel memory using NEON instructions instead of ARM instructions? AFAICS that has not been tried yet.
Hello Arnd Bergmann,
Could you please explain, how the ARM9 core cannot be affected by meltdown attack?
@Thenralarasan_Muruge the CPUs affected by Meltdown are a subset of those affected by Spectre, and ARM9 is not affected by that either since it has no speculative execution.