Speculative TLB Fills Might Occur Past A DSB Instruction

Versal Prime Series Production Errata (EN314)

Document ID
EN314
Release Date
2024-02-05
Revision
1.5 English

AMD Answer 73149

In the white paper Cache Speculation Side-channels (https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/download-the-whitepaper) issued by Arm in response to the revelation of the Spectre side-channels, the claim is made that the combination of DSB SYS and ISB will prevent subsequent speculation. However, a single load, store, or other memory operation that makes a page translation that follows a DSB SYS + ISB can initiate a speculative table walk and fill a new TLB entry if the initial lookup results in a TLB miss before the completion of the DSB SYS + ISB. Correspondingly, the micro-architectural state of the processor can be affected by a speculative access from an instruction appearing after the DSB SYS + ISB

This is a third-party errata (Arm, Inc. 1328359); this issue will not be fixed.