[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 2/2] xen/arm: Mitigate straight-line speculation for SMC call
On 16/06/2020 18:59, Julien Grall wrote:
From: Julien Grall <jgrall@xxxxxxxxxx>
SMC call will update some of registers (typically only x0) depending on
the arguments provided.
Some CPUs can speculate past a SMC instruction and potentially perform
speculative access to emrmoy using the pre-call values before executing
the SMC.
There is no known gadget available after the SMC call today. However
some of the registers may contain values from the guest and are expected
to be updated by the SMC call.
In order to harden the code, it would be better to prevent straight-line
speculation from an SMC. Architecturally executing the speculation
barrier after every SMC can be rather expensive (particularly on core
not SB). Therefore we want to mitigate it diferrently:
* For arm_smccc_1_0_smc, we can avoid a speculation barrier right
after the SMC instruction and instead rely on the one after eret.
* For arm_smccc_1_1_smc, we can place a B instruction after the SMC
instruction to skip the barrier.
Note that arm_smccc_1_0_smc version on arm32 is just an alias to
arm_smccc_1_1_smc.
Note that no speculation barrier has been added after the SMC
instruction in arm64/entry.S. This is fine because the call is not
expected to modify any registers. So straight-line speculation doesn't
matter.
Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
---
Note this hasn't been vetted by Arm but they are using the same
sort of mitigation for blr. So I am quite confident this could do the
trick.
Actually there is some unknown on whether this may introduce issue on
other sort of speculation. As there is no known reveal gadge after the
SMC call and this is only about prevention, I will withdraw this patch
for the time being.
Patch #1 is still valid though.
Cheers,
--
Julien Grall
|
