Announcement

**DrYak** · 31 January 2018, 06:24 AM

Given the ARM security update, it looks more like something that needs to be done by the compiler.

So it doesn't depend that much on Google patches, rather that the version of compiler that a specific fimrware is using on their compile farm + the version of the compiler doing the JIT/AOT for the android apps.

MAybe LineageOS simply uses an upgraded compiler, and packs a patched compiler for handling the JIT/AOT ?

**andreano** · 31 January 2018, 11:22 AM

It should be mentioned that Cortex A35, A53 and A55 are not vulnerable. At least, ARM doesn't list them as vulnerable.

As an example, Raspberry Pi is not vulnerable. Same with most cheap 4-core 64-bit android devices (that only ship the LITTLE part in big.LITTLE).

So (unlike popular belief) you can actually buy modern CPUs not vulnerable to Spectre or Meltdown!

**duby229** · 31 January 2018, 12:45 PM

Originally posted by andreano View Post

It should be mentioned that Cortex A35, A53 and A55 are not vulnerable. At least, ARM doesn't list them as vulnerable.

As an example, Raspberry Pi is not vulnerable. Same with most cheap 4-core 64-bit android devices (that only ship the LITTLE part in big.LITTLE).

So (unlike popular belief) you can actually buy modern CPUs not vulnerable to Spectre or Meltdown!

That's because they are in order pipelines. Instructions have to executed serially. All three of the recent vulnerabilities require out of order pipelines in order to trick the prefetch logic. But in the case of an in order pipeline the prefetch logic works first and can't be tricked. I'm reasonably certain that all in order pipelines are not affected. But then again in order pipelines can't acheive the same level of IPC that out of order piepleines can, so....

**Kayote** · 31 January 2018, 10:40 PM

RelaxTrolls I have humble Moto e 2nd gen. But google did release an announcement that said that they were shipping patches on January 5.

**Kayote** · 11 March 2018, 05:14 PM

Originally posted by RelaxTrolls View Post

what device do you have?? - it would be pretty easy to verify by looking on github at the kernel sources...

I find it a bit odd that some devices are shipping this patch set - the last related patches and fix ups for kpti landed in AOSP on Jan 19th, IIRC... which is obviously way after Jan 5th....

google also didn't apply the patchset to the pixel line for Jan update.

yeah right google is just setting a smoke screen. The proper fix/mitigation is in the kernel. I'm really curious of what google will actually do, because they have thousands of specific branches for each device, carriers, countries, etc. It's a mess. The best way would be updating everyone to one kernel version, but they are not going to do that.

**Kayote** · 11 March 2018, 05:26 PM

Originally posted by duby229 View Post

That's because they are in order pipelines. Instructions have to executed serially. All three of the recent vulnerabilities require out of order pipelines in order to trick the prefetch logic. But in the case of an in order pipeline the prefetch logic works first and can't be tricked. I'm reasonably certain that all in order pipelines are not affected. But then again in order pipelines can't acheive the same level of IPC that out of order piepleines can, so....

thanks for the explanation now I understand more clearly. Sorry for bumping this old thread.

Announcement

64-bit ARM Gets Mitigations For Spectre & Meltdown With Linux 4.16

Comment

Comment

Comment

Comment

Comment

Comment