Hi, On Wed, Feb 05, 2014 at 10:30:52PM +0200, Ivaylo Dimitrov wrote: > In theory having that workaround disabled might be a security > problem, but honestly, knowing its nature I don't think it is easily > exploitable, if at all. The final result when bitten by it is a > SIGILL, but in userspace, not in the kernel(assuming the kernel is > ARM), and userspace runs in totally different mode (nonsecure, > nonprivileged) compared to the kernel(nonsecure, privileged) and > IIRC every mode has its own set of stack, registers etc. BTW I don't > think the kernel itself can be thumb2-compiled for cores with that > errata, but I might wrong. Also, as Pali noted, the problem appears > if and only if there is an userspace binary containing thumb2 code. > If all of the userspace is pure ARM, there is no problem. Ok. I assumed, that a single thumb2-compiled binary can potentially trigger problems for the whole system. Basically because the ERRATA helptext in KConfig is: [...], Cortex-A8 does not recover from the stale interworking branch prediction. > And as the errata workaround has its drawbacks (BTB is cleared on > every context switch which affects performance), one might want to > not have it enabled. I guess the workaround would be persistently enabled if there were no drawbacks. > Maybe that warning should be spit only if CONFIG_THUMB2_KERNEL (or > whatever the option was) is enabled. Though if that option is > enabled I'd rather #error during compile time if errata workaround > is not enabled, instead of printing a warning while booting a > system that will crash in a matter of seconds. THUMB2 userland code is supported by the kernel by default, so that does not work. (Enabling CONFIG_THUMB2_KERNEL will result in a thumb2-compiled kernel.) -- Sebastian
Attachment:
signature.asc
Description: Digital signature
