We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.
Hi,
We use Cortex R5 & R52 in our product in which a special scenario with MPU disabled is needed.
When MPU disabled, there is a concern that speculative access caused by branch prediction is out
of control.
Can we use BPI (branch predictor invalidate) intsruction to avoid unexpected speculative
access?
For unexcpected speculative access, I mean speculative access to memory byond the program
memory layout.
Condsider branch perdiction, my intention is that,
if BPI executed, branch history is cleared, so branch predictor is forced to re-trained.
Thus only branch target which actually reached ever may be speculatively accessed to.
In R-profile, when the MPU is disabled a default region set is used:
R5: https://developer.arm.com/documentation/ddi0460/d/Memory-Protection-Unit/About-the-MPU?lang=en
R52: EL1-controlled MPU background region
The first thing to check is how the default region sets align to your memory system. If the areas you are concerned about are treated as XN (eXecute Never), then you don't have to worry about speculative instruction fetches.
Hi Martin,
Unfortunately the area not expected to be speculatively accessed is NOT XN in the background region.