LinuxLink Login   |   1.866.392.4897 |   sales@timesys.com

Updated on 8/14/2018

Google Project Zero team discovered a method to read privileged memory from user space by utilizing CPU data cache timing to leak information out of mis-speculated execution. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For more details refer to this blogpost.

So far, there are three known variants of the issue:

Variants 1 & 2 are referred to as Spectre and Variant 3 as Meltdown.

Timesys has been monitoring vendor websites and open source mailing lists regarding affected CPUs and software mitigation strategies, and below are our findings:

Summary of affected CPUs:
Variant 1
A8/A9/A15/A17/A57/A72/A73/A75
Yes
Yes
Variant 2
A8/A9/A15/A17/A57/A72/A73/A75
Yes
Yes
Variant 3
A75 only
Yes
No
Variant 3a
A15/A57/A72 only
Yes
N/A
Variant 4
A57/A72/A73/A75/A76 only
Yes
Yes

Note: For more details on the exact versions of CPUs affected, visit the vendor website in the link provided above.

Upstream software mitigation status:
Vulnerability
Software Mitigation
Upstream Mitigation Status
Timesys Factory Mitigation Status
Variant 1
Code analysis to avoid generating vulnerable binary code. Applies to both kernel and userspace code such as browsers that support for JavaScript (Just-In-Time compilers) and WebAssembly.
KERNEL
x86: Mitigation patches accepted mainline in kernel
Arm: Initial mitigation patches accepted in mainline kernel
USERSPACE
Mitigated in latest WebKit, Firefox, Chrome
KERNEL
x86: Use 4.16+ kernel available in factory-20180410 or later.
Arm: Contact Timesys for fixes.
 
USERSPACE
Contact Timesys for fixes.
Variant 2
x86 MITIGATION 1
Update CPU microcode and apply kernel patches
 
 
x86 MITIGATION 2
Applying a software mitigation (e.g., Google’s Retpoline) to the hypervisor, operating system kernel, system programs and libraries, and user applications
Arm: Apply kernel patches
x86 MITIGATION 1
Intel: microcode update available
 
AMD: microcode update for latest processors available
x86 MITIGATION 2
Kernel: Patches are available in mainline and are being backported to LTS versions
GCC: GCC 7.3 or later has retpoline support
Arm: Patches available on Arm git tree and accepted in mainline kernel
x86 MITIGATION 1
Intel: Intel microcode 20180703 available in factory-20180808 or later for all Intel boards
AMD:
 
x86 MITIGATION 2
Kernel: Use 4.15+ kernel available in factory-20180213 or later
GCC: GCC 7.3 available in factory-20180213 or later
Arm: Contact Timesys for fixes. Backported patches have been tested on i.MX6Q processors.
Variant 3
Kernel Page Table Isolation (KPTI) patches
x86: Patches integrated into LTS kernels
Arm: Patches available on Arm git tree and accepted in mainline kernel
x86: Use 4.15+ kernel available in factory-20180213 or later
Arm: N/A. Cortex A75 based boards not available in Timesys Factory.
Variant 3a
Arm believes no software mitigation is required for Variant 3a
N/A
N/A
Variant 4
x86 MITIGATION 1
Intel: Update CPU microcode
 
 
x86 MITIGATION 2
Apply kernel patches
 
Arm: Apply kernel patches and arm-trusted-firmware patches
x86 MITIGATION 1
Intel microcode is still in beta and it is recommended to wait for general availability
x86 MITIGATION 2
Mitigation patches accepted mainline in kernel
Arm: Mitigation patches accepted in mainline kernel and arm-trusted-firmware patch available
x86 MITIGATION 1
Waiting for stable Intel microcode
 
 
x86 MITIGATION 2
Use 4.17+ kernel available in factory-20180620 or later
Arm: N/A. Cortex A57/A72/A73/A75/A76 based boards not available in Timesys Factory.

Note: Yocto customers please contact Timesys for providing fixes.

Considerations before applying patches

Can your product be exploited?
Based on our experience, interacting with customers’ typical embedded systems running Linux are mostly closed systems that do not allow running arbitrary code. So unless your product allows running 3rd party or WEB applications, we believe the device is not exposed to exploits based on the above vulnerabilities. So it might be worthwhile to assess the security impact for your product before rushing to fix it.

Microcode update (x86 only):
Microcode updates are typically handled via BIOS updated via hardware vendor. However, it is possible for a Linux based system to load the microcode at runtime (done on every boot). For applying the latest microcode on Linux, follow the instructions in the Release Notes provided by Intel in their microcode package. Please read the microcode update guidance document from Intel since there are potential system stability issues with the latest microcode.

Performance impact:
There have been reports of performance impacts when applying the patches and/or microcode. The impact depends on the operations being performed by the CPU, and we recommended profiling the system under full load after updating the system to understand the performance impact for your use case.

Patch integration:
Variant 3 alone requires more than 40+ patches to be applied to the kernel. Given the severity of the vulnerability, the kernel maintainers are backporting the patches to LTS (Long term stable) versions of the kernel.

Is my kernel patched?
On x86 based systems, there are 2 methods to check if the version of kernel running on target has been patched for the spectre and meltdown vulnerabilities.

Method 1: Run the below script after going through README. The script will report if your CPU is vulnerable and if any mitigations are in place. https://github.com/speed47/spectre-meltdown-checker

Method 2: On LTS kernel versions, read the below files on the target file system

# ls /sys/devices/system/cpu/vulnerabilities/
meltdown  spectre_v1  spectre_v2
# cat /sys/devices/system/cpu/vulnerabilities/meltdown 
Mitigation: PTI
# cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 
Vulnerable
# cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 
Vulnerable: Minimal generic ASM retpoline

 
Non x86 based systems are yet to add any hooks for reporting the status.

Patch flux and ongoing monitoring:
Given the nature of attack, the fixes are going to be ongoing as nuances of the attack are understood. Many of the currently submitted patches are still under review and will take weeks before making it into LTS kernel release.

Timesys will continue to monitor the status on the above CVEs and update this blog post as fixes become available. For information about your board, contact Timesys.

Akshay Bhat is a Security Architect at Timesys. Akshay’s experience with embedded systems spans a broad range of industries with a focus on board bring-up, driver development and software security. Akshay received his MS in Electrical Engineering from NYU Polytechnic University.

About Timesys

Timesys has extensive experience with embedded system development and lifecycle management. Timesys has been instrumental in working with global leader semiconductor manufacturers with smart, quick and quality solutions for highly complex systems with accelerated product innovation and multiple product variants.