Cache Speculation Issues Update
Both before the public disclosure on January 3 of three new security vulnerabilities, now known as Spectre and Meltdown, by researchers in Google's Project Zero team, and in the weeks since, Arm has worked closely with its ecosystem to ensure these vulnerabilities are well understood and effectively mitigated. This has resulted in some fine-tuning of the mitigations to improve their ease of use and deployment.
Since then we have regularly updated our Web page (www.arm.com/security-update) dedicated to providing information related to Spectre and Meltdown. This blog summarizes our latest updates including new and updated documents which provide more detailed information about the latest mitigation deployments.
'Spectre' Variant 1
For Spectre Variant 1, Arm initially proposed a CSDB barrier that, when combined with a conditional select/move, would mitigate this issue.
Following feedback from our software and hardware partners we have simplified the definition of CSDB to act as a broader barrier against data-value speculation. This simplifies the reasoning needed by software engineers to understand how they use the mitigations.
Note that this change does not invalidate any mitigations for Variant 1 that are based on the previous definition of CSDB. This change broadens the applicability of the CSDB barrier.
We have been actively working with the major compiler communities, including GCC and LLVM, to develop a compiler built-in function that makes it easy to use Variant 1 mitigations from C/C++. This ensures there is a route to the deployment of mitigations that works across the whole ecosystem. We have also released a small header file, enabling the use of the speculation barrier with older compilers which do not have support for the built-in function. This is available at https://github.com/ARM-software/speculation-barrier.
More details about the new definition of the CSDB barrier and its intended use are in the updated Whitepaper.
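The following is an added example illustrating the conditional-select plus CSDB pattern described above; it is not code from the Whitepaper or from the speculation-barrier header. It assumes the AArch64 encoding of CSDB as HINT #20, and on any other architecture the barrier degrades to a compiler-only barrier so the code still builds and runs, which is a placeholder for illustration and not a hardware mitigation there. The sample array and the helper names `safe_index`, `read_unsafe` and `read_safe` are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample data: a small array guarded by a bounds check. */
static const uint8_t array1[16] = {1, 2, 3, 4, 5, 6, 7, 8,
                                   9, 10, 11, 12, 13, 14, 15, 16};
static const size_t array1_size = sizeof array1;

/* Return idx if idx < limit, otherwise 0, without relying on the outcome of a
 * conditional branch. On AArch64 the compare/CSEL/CSDB sequence is written in
 * inline asm so the generated code is exactly the select-then-barrier pattern:
 * CSDB (HINT #20) stops later instructions from speculatively consuming the
 * selected value before the compare has resolved. */
static inline size_t safe_index(size_t idx, size_t limit)
{
    size_t result;
#if defined(__aarch64__)
    __asm__ volatile(
        "cmp  %1, %2\n\t"          /* flags = idx <?> limit                */
        "csel %0, %1, xzr, lo\n\t" /* result = (idx < limit) ? idx : 0      */
        "hint #20\n\t"             /* CSDB: data-value speculation barrier */
        : "=r"(result)
        : "r"(idx), "r"(limit)
        : "cc", "memory");
#else
    /* Portable fallback (assumption for non-Arm builds): a branchless mask
     * plus a compiler barrier. This is NOT a hardware speculation barrier. */
    size_t mask = -(size_t)(idx < limit); /* all ones when in bounds */
    result = idx & mask;
    __asm__ volatile("" ::: "memory");
#endif
    return result;
}

/* Vulnerable shape: the load depends only on a conditional branch. A
 * mis-predicted branch can let array1[idx] be read speculatively even when
 * idx is out of bounds, which is the Variant 1 gadget. */
uint8_t read_unsafe(size_t idx)
{
    if (idx < array1_size)
        return array1[idx];
    return 0;
}

/* Hardened shape: the architectural branch is kept, but the index fed to the
 * load is the selected value, so on a mis-predicted path the load is forced to
 * element 0 and CSDB prevents it from issuing on a speculated index at all. */
uint8_t read_safe(size_t idx)
{
    if (idx < array1_size)
        return array1[safe_index(idx, array1_size)];
    return 0;
}
```

Architecturally both functions return the same values; the difference is only in what the core may do transiently on a mis-predicted bounds check, so a functional test cannot observe the mitigation. Reviewing the disassembly for the CSEL followed by CSDB is the practical check that the compiler did not turn the select back into a branch.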
'Spectre' Variant 2
Mitigations for Spectre Variant 2 are deployed in the OS kernel and firmware. While the fundamental mitigation methods have not changed in the past month, we have worked with our partners to improve deployment efficiency, including the definition of new interfaces between the OS kernel and the firmware on devices.
The current set of Linux Kernel patches are available here:
Arm Trusted Firmware has been updated, with information on its Security Advisory page covering these issues here:
The specification for these changes is available here.
'Meltdown' (Variant 3)
Within the Linux kernel, Meltdown is mitigated by using functionality called KPTI (kernel page-table isolation). Arm is continuing to update the Arm-specific KPTI Linux kernel patches. Arm expects these patches will be merged into mainline for the 4.16 kernel release.
For AArch32 (32-bit kernels) there is no KPTI workaround. The only Arm Cortex core affected by Meltdown is Cortex-A75, where usage will be focused on the 64-bit kernel.
The current KPTI patch set is available here:
The following list provides links to all the documents mentioned in this blog, along with some other useful material that provides more detailed information than is available here.
- Cache Speculation Side-Channels Whitepaper.
- Firmware interfaces for mitigating CVE-2017-5715 System Software on Arm Systems.
- Cache Speculation Side-channels Linux Kernel Mitigations.
- Linux kernel KPTI patchset.
- Arm Trusted Firmware exposure to speculative processor vulnerabilities.
- Arm Trusted Firmware Security Advisory.
- Speculation Barrier Header file.