8035edbe12
Supervisor Call instruction (SVC) is used by the Arm Standalone MM environment to request services from the privileged software (such as ARM Trusted Firmware running in EL3) and also return back to the non-secure caller via EL3. Some Arm CPUs speculatively executes the instructions after the SVC instruction without crossing the privilege level (S-EL0). Although the results of this execution are architecturally discarded, adversary running on the non-secure side can manipulate the contents of the general purpose registers to leak the secure work memory through spectre like micro-architectural side channel attacks. This behavior is demonstrated by the SafeSide project [1] and [2]. Add barrier instructions after SVC to prevent speculative execution to mitigate such attacks. [1]: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc [2]: https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
37 lines
855 B
ArmAsm
37 lines
855 B
ArmAsm
//
|
|
// Copyright (c) 2016 - 2020, ARM Limited. All rights reserved.
|
|
//
|
|
// SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
//
|
|
//
|
|
|
|
.text
|
|
.align 3
|
|
|
|
GCC_ASM_EXPORT(ArmCallSvc)
|
|
|
|
ASM_PFX(ArmCallSvc):
|
|
// r0 will be popped just after the SVC call
|
|
push {r0, r4-r8}
|
|
|
|
// Load the SVC arguments values into the appropriate registers
|
|
ldm r0, {r0-r7}
|
|
|
|
svc #0
|
|
// Prevent speculative execution beyond svc instruction
|
|
dsb nsh
|
|
isb
|
|
|
|
// Load the ARM_SVC_ARGS structure address from the stack into r8
|
|
ldr r8, [sp]
|
|
|
|
// Load the SVC returned values into the appropriate registers
|
|
// A SVC call can return up to 4 values - we do not need to store back r4-r7.
|
|
stm r8, {r0-r3}
|
|
|
|
mov r0, r8
|
|
|
|
// Restore the registers r4-r8
|
|
pop {r1, r4-r8}
|
|
bx lr
|