andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
arm-trusted-firmware/lib/cpus/aarch64
History
Anthony Steinhauser f461fe346b Prevent speculative execution past ERET 
Even though ERET always causes a jump to another address, aarch64 CPUs
speculatively execute following instructions as if the ERET
instruction was not a jump instruction.
The speculative execution does not cross privilege-levels (to the jump
target as one would expect), but it continues on the kernel privilege
level as if the ERET instruction did not change the control flow -
thus execution anything that is accidentally linked after the ERET
instruction. Later, the results of this speculative execution are
always architecturally discarded, however they can leak data using
microarchitectural side channels. This speculative execution is very
reliable (seems to be unconditional) and it manages to complete even
relatively performance-heavy operations (e.g. multiple dependent
fetches from uncached memory).

This was fixed in Linux, FreeBSD, OpenBSD and Optee OS:
679db70801
29fb48ace4
3a08873ece
abfd092aa1

It is demonstrated in a SafeSide example:
https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c

Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Change-Id: Iead39b0b9fb4b8d8b5609daaa8be81497ba63a0f
 		2020-01-22 21:42:51 +00:00
..
aem_generic.S FVP_Base_AEMv8A platform: Fix cache maintenance operations 2019-08-16 11:30:37 +00:00
cortex_a35.S Cortex-A35: Implement workaround for errata 855472 2019-04-17 13:46:43 +01:00
cortex_a53.S ti: k3: common: Remove coherency workaround for AM65x 2019-06-06 11:20:26 +01:00
cortex_a55.S Cortex-A55: workarounds for errata 1221012 2019-05-28 14:19:04 +01:00
cortex_a57.S Cortex-A57: Implement workaround for erratum 817169 2019-02-28 09:56:58 +00:00
cortex_a65.S Introducing support for Cortex-A65 2019-10-02 18:12:28 +02:00
cortex_a65ae.S Introducing support for Cortex-A65AE 2019-10-03 15:38:31 +02:00
cortex_a72.S cpulib: Add ISBs or comment why they are unneeded 2018-06-19 10:34:51 +01:00
cortex_a73.S Cortex-A73: Implement workaround for errata 852427 2019-02-28 12:01:13 +00:00
cortex_a75.S Add compile-time errors for HW_ASSISTED_COHERENCY flag 2019-05-03 14:23:55 +01:00
cortex_a75_pubsub.c Sanitise includes across codebase 2019-01-04 10:43:17 +00:00
cortex_a76.S Prevent speculative execution past ERET 2020-01-22 21:42:51 +00:00
cortex_a76ae.S Apply compile-time check for AArch64-only cores 2019-06-04 14:08:55 +01:00
cortex_a77.S Rename Cortex-Deimos to Cortex-A77 2019-07-10 12:14:20 +02:00
cortex_hercules.S Workaround for Hercules erratum 1688305 2019-12-23 11:21:16 -06:00
cortex_hercules_ae.S Cortex_hercules: Add support for Hercules-AE 2019-09-30 12:55:31 +01:00
cpu_helpers.S Neoverse N1 Errata Workaround 1542419 2019-10-04 19:31:24 +03:00
cpuamu.c Sanitise includes across codebase 2019-01-04 10:43:17 +00:00
cpuamu_helpers.S Add support for Branch Target Identification 2019-05-24 14:44:45 +01:00
denver.S cpus: denver: Implement static workaround for CVE-2018-3639 2018-09-04 17:34:08 -07:00
dsu_helpers.S DSU: Implement workaround for errata 798953 2019-04-17 13:46:43 +01:00
neoverse_e1.S DSU: Apply erratum 936184 for Neoverse N1/E1 2019-06-11 14:01:32 +01:00
neoverse_n1.S Prevent speculative execution past ERET 2020-01-22 21:42:51 +00:00
neoverse_n1_pubsub.c Rename Cortex-Ares to Neoverse N1 2019-02-19 13:50:07 +00:00
neoverse_zeus.S Zeus: apply the MSR SSBS instruction 2019-09-11 14:37:42 +01:00
wa_cve_2017_5715_bpiall.S Sanitise includes across codebase 2019-01-04 10:43:17 +00:00
wa_cve_2017_5715_mmu.S Prevent speculative execution past ERET 2020-01-22 21:42:51 +00:00