From 6bc243825f561e87ef7af7f51b218c6b0dab9b78 Mon Sep 17 00:00:00 2001 From: Madhukar Pappireddy Date: Wed, 26 Feb 2020 12:37:05 -0600 Subject: aarch32: stop speculative execution past exception returns aarch32 CPUs speculatively execute instructions following a ERET as if it was not a jump instruction. This could lead to cache-based side channel vulnerabilities. The software fix is to place barrier instructions following ERET. The counterpart patch for aarch64 is merged: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f461fe346b728d0e88142fd7b8f2816415af18bc Change-Id: I2aa3105bee0b92238f389830b3a3b8650f33af3d Signed-off-by: Madhukar Pappireddy --- include/arch/aarch32/asm_macros.S | 15 ++++++++++++++- include/arch/aarch32/smccc_macros.S | 2 +- 2 files changed, 15 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/arch/aarch32/asm_macros.S b/include/arch/aarch32/asm_macros.S index 8cfa21231..ea1636e24 100644 --- a/include/arch/aarch32/asm_macros.S +++ b/include/arch/aarch32/asm_macros.S @@ -95,11 +95,24 @@ #if ARM_ARCH_MAJOR == 7 && !defined(ARMV7_SUPPORTS_VIRTUALIZATION) /* + * Macro for mitigating against speculative execution. * ARMv7 cores without Virtualization extension do not support the * eret instruction. */ - .macro eret + .macro exception_return movs pc, lr + dsb nsh + isb + .endm + +#else + /* + * Macro for mitigating against speculative execution beyond ERET. + */ + .macro exception_return + eret + dsb nsh + isb .endm #endif diff --git a/include/arch/aarch32/smccc_macros.S b/include/arch/aarch32/smccc_macros.S index 4ec229218..ea7835a42 100644 --- a/include/arch/aarch32/smccc_macros.S +++ b/include/arch/aarch32/smccc_macros.S @@ -235,7 +235,7 @@ /* Restore the rest of the general purpose registers */ ldm r0, {r0-r12} - eret + exception_return .endm #endif /* SMCCC_MACROS_S */ -- cgit v1.2.3