aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMadhukar Pappireddy <madhukar.pappireddy@arm.com>2020-02-26 12:37:05 -0600
committerMadhukar Pappireddy <madhukar.pappireddy@arm.com>2020-03-01 06:44:30 -0600
commit6bc243825f561e87ef7af7f51b218c6b0dab9b78 (patch)
tree15d4515c7f5fc2d3d34fae93b9fe58a1b5453e2b
parent2403813779d983fc039bcd05cd659520bcaaf75e (diff)
downloadtrusted-firmware-a-6bc243825f561e87ef7af7f51b218c6b0dab9b78.tar.gz
aarch32: stop speculative execution past exception returns
aarch32 CPUs speculatively execute instructions following a ERET as if it was not a jump instruction. This could lead to cache-based side channel vulnerabilities. The software fix is to place barrier instructions following ERET. The counterpart patch for aarch64 is merged: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f461fe346b728d0e88142fd7b8f2816415af18bc Change-Id: I2aa3105bee0b92238f389830b3a3b8650f33af3d Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-rw-r--r--bl1/aarch32/bl1_exceptions.S2
-rw-r--r--bl2/aarch32/bl2_el3_entrypoint.S2
-rw-r--r--include/arch/aarch32/asm_macros.S15
-rw-r--r--include/arch/aarch32/smccc_macros.S2
4 files changed, 17 insertions, 4 deletions
diff --git a/bl1/aarch32/bl1_exceptions.S b/bl1/aarch32/bl1_exceptions.S
index f2af9ab5b..493d2ca4e 100644
--- a/bl1/aarch32/bl1_exceptions.S
+++ b/bl1/aarch32/bl1_exceptions.S
@@ -80,7 +80,7 @@ debug_loop:
add r8, r8, #ENTRY_POINT_INFO_ARGS_OFFSET
ldm r8, {r0, r1, r2, r3}
- eret
+ exception_return
endfunc bl1_aarch32_smc_handler
/* -----------------------------------------------------
diff --git a/bl2/aarch32/bl2_el3_entrypoint.S b/bl2/aarch32/bl2_el3_entrypoint.S
index 9b4da6b13..2e851e61a 100644
--- a/bl2/aarch32/bl2_el3_entrypoint.S
+++ b/bl2/aarch32/bl2_el3_entrypoint.S
@@ -87,5 +87,5 @@ func bl2_run_next_image
add r8, r8, #ENTRY_POINT_INFO_ARGS_OFFSET
ldm r8, {r0, r1, r2, r3}
- eret
+ exception_return
endfunc bl2_run_next_image
diff --git a/include/arch/aarch32/asm_macros.S b/include/arch/aarch32/asm_macros.S
index 8cfa21231..ea1636e24 100644
--- a/include/arch/aarch32/asm_macros.S
+++ b/include/arch/aarch32/asm_macros.S
@@ -95,11 +95,24 @@
#if ARM_ARCH_MAJOR == 7 && !defined(ARMV7_SUPPORTS_VIRTUALIZATION)
/*
+ * Macro for mitigating against speculative execution.
* ARMv7 cores without Virtualization extension do not support the
* eret instruction.
*/
- .macro eret
+ .macro exception_return
movs pc, lr
+ dsb nsh
+ isb
+ .endm
+
+#else
+ /*
+ * Macro for mitigating against speculative execution beyond ERET.
+ */
+ .macro exception_return
+ eret
+ dsb nsh
+ isb
.endm
#endif
diff --git a/include/arch/aarch32/smccc_macros.S b/include/arch/aarch32/smccc_macros.S
index 4ec229218..ea7835a42 100644
--- a/include/arch/aarch32/smccc_macros.S
+++ b/include/arch/aarch32/smccc_macros.S
@@ -235,7 +235,7 @@
/* Restore the rest of the general purpose registers */
ldm r0, {r0-r12}
- eret
+ exception_return
.endm
#endif /* SMCCC_MACROS_S */