[U-Boot] U-Boot, cache speculation side channel attacks and ARM

Marc Zyngier marc.zyngier at arm.com
Sat Jan 20 12:45:11 UTC 2018


On Sat, 20 Jan 2018 12:29:22 +0000
Russell King <rmk at armlinux.org.uk> wrote:

> On Sat, Jan 20, 2018 at 11:31:19AM +0000, Marc Zyngier wrote:
> > Define enough. These patches allow these CPUs to cope with variant-2,
> > and only variant-2. Variant-1 is still work in progress across all
> > architectures, variant-3 (aka Meltdown) doesn't concern 32bit ARM
> > implementations, and only A15 is susceptible to variant-3a.  
> 
> I think you need to be really careful about statements like this.
> 
> As you know, it is possible to run a 32bit environment in a VM on
> the 64bit CPUs.  So, its entirely possible to run a 32bit setup
> on a Cortex A72 for example, and that means such a setup _is_
> vulnerable to variant 3a.

Absolutely. Which is why I was careful to say A8/A9/A12/A15/A17 in all
the comments I made regarding these patches. Running 32bit code on an
A72, virtualized or not, is still running on an A72.

If you run such a configuration, you then need to apply the same
mitigations as on the arm64 side. In a virtualized environment,
KVM/arm64 will provide paravirtualized services that can be called to
ensure BP invalidation. Running bare metal will require CPU-specific
methods.

> Do people do this?  That isn't something we can really know, but
> I think as long as its allowed, you can bet that someone will,
> and someone will end up using it in a production environment.
> 
> So, it can't be ignored.

I'm certainly not stating that we should ignore it. But I'm trying to
plug the systems that I know people are using before tackling the ones
they may be using.

Thanks,

	M.
-- 
Without deviation from the norm, progress is not possible.


More information about the U-Boot mailing list