[Cerowrt-devel] [Cake] apu2 sqm/htb issue + a minor win for speeding up fq_codel itself

Jonathan Morton chromatix99 at gmail.com
Wed Oct 3 14:32:23 EDT 2018

> On 3 Oct, 2018, at 8:43 pm, Toke Høiland-Jørgensen <toke at toke.dk> wrote:
> I don't suppose 18.06 enables any of the SPECTRE mitigations (was that
> an issue on ARM)?

That depends on the ARM core involved.  Most of them in CPE devices (eg. Cortex-A5/7/53) have in-order execution engines, so should be immune - but it's not inconceivable that some of the mitigations are enabled regardless.

The WRT1200AC uses the Marvell 88F6820 which has a pair of Cortex-A9 cores.  These are mildly out-of-order engines which would be at least theoretically vulnerable to Spectre v1, but that is not a kernel-level exploit.  According to https://www.techarp.com/guides/complete-meltdown-spectre-cpu-list/4/#arm the Cortex-A9 is also vulnerable to Spectre v2 which is the branch-predictor poisoning attack, for which kernel-level mitigations may be appropriate.  It is however immune to Meltdown.

I'm not familiar with precisely what mitigations are now in use on ARM.  I am however certain that, on a device running only trustworthy code (ie. not running a Web browser), mitigating Spectre is unnecessary.  If an attacker gets into a position to exploit it, he's already compromised the device enough to run a botnet anyway.

 - Jonathan Morton

More information about the Cerowrt-devel mailing list