From: "Vijayenthiran Subramaniam"
To: devel@edk2.groups.io, leif@nuviainc.com, Ard.Biesheuvel@arm.com
Cc: thomas.abraham@arm.com, Sami.Mujawar@arm.com, richard.storer@arm.com
Subject: [edk2-devel] [PATCH] ArmPkg/ArmSvcLib: prevent speculative execution beyond svc
Date: Thu, 4 Jun 2020 18:42:09 +0530
Message-Id: <1591276329-20607-1-git-send-email-vijayenthiran.subramaniam@arm.com>

Supervisor Call instruction (SVC) is used by the Arm Standalone MM
environment to request services from the privileged software (such as
ARM Trusted Firmware running in EL3) and also return back to the
non-secure caller via EL3. Some Arm CPUs speculatively execute the
instructions after the SVC instruction without crossing the privilege
level (S-EL0). Although the results of this execution are
architecturally discarded, an adversary running on the non-secure side
can manipulate the contents of the general purpose registers to leak
the secure work memory through Spectre-like micro-architectural side
channel attacks. This behavior is demonstrated by the SafeSide project
[1] and [2]. Add barrier instructions after SVC to prevent speculative
execution to mitigate such attacks.

[1]: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
[2]: https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c

Signed-off-by: Vijayenthiran Subramaniam
Reviewed-by: Ard Biesheuvel
--- ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S | 5 ++++- ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.S | 5 ++++- ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.asm | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S b/ArmPkg/Library/Arm= SvcLib/AArch64/ArmSvc.S index 7c94db3451f0..ee265f94b960 100644 --- a/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S +++ b/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S @@ -1,5 +1,5 @@ // -// Copyright (c) 2012 - 2017, ARM Limited. All rights reserved. +// Copyright (c) 2012 - 2020, ARM Limited. All rights reserved. // // SPDX-License-Identifier: BSD-2-Clause-Patent // @@ -25,6 +25,9 @@ ASM_PFX(ArmCallSvc): ldp x0, x1, [x0, #0] =20 svc #0 + // Prevent speculative execution beyond svc instruction + dsb nsh + isb =20 // Pop the ARM_SVC_ARGS structure address from the stack into x9 ldr x9, [sp, #16] diff --git a/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.S b/ArmPkg/Library/ArmSvcL= ib/Arm/ArmSvc.S index fc2886b6b53e..e81eb88f2e87 100644 --- a/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.S +++ b/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.S @@ -1,5 +1,5 @@ // -// Copyright (c) 2016 - 2017, ARM Limited. All rights reserved. +// Copyright (c) 2016 - 2020, ARM Limited. All rights reserved. // // SPDX-License-Identifier: BSD-2-Clause-Patent // @@ -18,6 +18,9 @@ ASM_PFX(ArmCallSvc): ldm r0, {r0-r7} =20 svc #0 + // Prevent speculative execution beyond svc instruction + dsb nsh + isb =20 // Load the ARM_SVC_ARGS structure address from the stack into r8 ldr r8, [sp] diff --git a/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.asm b/ArmPkg/Library/ArmSv= cLib/Arm/ArmSvc.asm index 82d10c023ae3..d1751488b2b1 100644 --- a/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.asm 
+++ b/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.asm @@ -1,5 +1,5 @@ // -// Copyright (c) 2016 - 2017, ARM Limited. All rights reserved. +// Copyright (c) 2016 - 2020, ARM Limited. All rights reserved. // // SPDX-License-Identifier: BSD-2-Clause-Patent // @@ -16,6 +16,9 @@ ldm r0, {r0-r7} =20 svc #0 + // Prevent speculative execution beyond svc instruction + dsb nsh + isb =20 // Load the ARM_SVC_ARGS structure address from the stack into r8 ldr r8, [sp] --=20 2.7.4
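
Review bot: In the AArch64/ArmSvc.S hunk the barrier pair is added only after the `svc #0` inside ArmCallSvc, while the commit message describes SVC as also being the path back to the non-secure caller via EL3. Please confirm that every SVC issued from S-EL0 goes through ArmCallSvc; if any other file carries its own `svc`, it needs the same `dsb nsh` / `isb` pair or the mitigation is incomplete.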
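
Review bot: In the Arm/ArmSvc.S hunk the comment above `dsb nsh` says what the pair does but not why it is needed, and because both instructions also execute architecturally on every return from the SVC they look removable to a later reader. Suggest carrying the reason from the commit message into the comment, namely that some Arm CPUs speculatively execute the instructions after `svc #0` at S-EL0 with register contents the non-secure side can influence.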
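
Review bot: The Arm/ArmSvc.asm hunk duplicates the change from Arm/ArmSvc.S for a second assembler syntax, and nothing in the commit message says the .asm variant was assembled or tested. Please note which toolchains the three files were built with, since a `dsb nsh` accepted by one assembler is not proof for the other.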
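
A source-level check for the invariant the commit message describes, as an added example that is not part of the patch or of edk2: it reports every `svc` in an assembly source that is not immediately followed by `dsb nsh` and `isb`. The function names are hypothetical, the two samples are constructed from the visible lines of the AArch64 hunk (whitespace reconstructed), and only `//` comments are handled.

```python
import re

LABEL = re.compile(r"^[\w.$()]+:\s*")   # e.g. "ASM_PFX(ArmCallSvc):"
BARRIER = ["dsb nsh", "isb"]            # the sequence this patch adds after svc


def instructions(source):
    """Yield (line_no, normalized instruction), skipping comments, labels, directives."""
    for no, raw in enumerate(source.splitlines(), 1):
        text = LABEL.sub("", raw.split("//", 1)[0].strip())
        if text and not text.startswith("."):
            yield no, " ".join(text.lower().split())


def unguarded(source, mnemonics=("svc",)):
    """Return line numbers of trap instructions not immediately followed by BARRIER.

    `mnemonics` defaults to the one instruction the patch covers; passing
    other exception-generating mnemonics is the caller's assumption.
    """
    insns = list(instructions(source))
    return [no for i, (no, insn) in enumerate(insns)
            if insn.split()[0] in mnemonics
            and [t for _, t in insns[i + 1:i + 3]] != BARRIER]


# Constructed sample: ArmCallSvc as it appears on the '-' side of the hunk.
BEFORE = """\
ASM_PFX(ArmCallSvc):
  ldp   x0, x1, [x0, #0]

  svc   #0

  // Pop the ARM_SVC_ARGS structure address from the stack into x9
  ldr   x9, [sp, #16]
"""

# Constructed sample: the same code with the three added lines applied.
AFTER = BEFORE.replace(
    "  svc   #0\n",
    "  svc   #0\n"
    "  // Prevent speculative execution beyond svc instruction\n"
    "  dsb   nsh\n"
    "  isb\n",
)

if __name__ == "__main__":
    print("before:", unguarded(BEFORE))
    print("after: ", unguarded(AFTER))
```

A `dsb nsh` with no `isb` after it, or an `svc` that is the last instruction in the file, is reported as unguarded.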