git.proxmox.com Git - mirror_edk2.git/commit - ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S

ArmPkg/ArmSvcLib: prevent speculative execution beyond svc

Supervisor Call instruction (SVC) is used by the Arm Standalone MM
environment to request services from the privileged software (such as
ARM Trusted Firmware running in EL3) and also return back to the
non-secure caller via EL3. Some Arm CPUs speculatively executes the
instructions after the SVC instruction without crossing the privilege
level (S-EL0). Although the results of this execution are
architecturally discarded, adversary running on the non-secure side can
manipulate the contents of the general purpose registers to leak the
secure work memory through spectre like micro-architectural side channel
attacks. This behavior is demonstrated by the SafeSide project [1] and
[2]. Add barrier instructions after SVC to prevent speculative execution
to mitigate such attacks.

[1]: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
[2]: https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c

Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>

author	Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
	Thu, 4 Jun 2020 13:12:09 +0000 (18:42 +0530)
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
	Fri, 5 Jun 2020 08:05:03 +0000 (08:05 +0000)
commit	8035edbe12f0f2a58e8fa9b06d05c8ee1c69ffae
tree	d94342ed7a61e1c5f2b27bdebbdecdda909ba99a	tree
parent	bb78cfbec07eda45118b630a09b0af549b43a135	commit \| diff

ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S		diff \| blob \| blame \| history
ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.S		diff \| blob \| blame \| history
ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.asm		diff \| blob \| blame \| history