From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by mx.groups.io with SMTP id smtpd.web10.6316.1591344325767829238
 for <devel@edk2.groups.io>;
 Fri, 05 Jun 2020 01:05:26 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ard.biesheuvel@arm.com)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5CCF92B;
	Fri,  5 Jun 2020 01:05:24 -0700 (PDT)
Received: from [192.168.1.69] (unknown [10.37.8.209])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 9485F3F305;
	Fri,  5 Jun 2020 01:05:22 -0700 (PDT)
Subject: Re: [PATCH] ArmPkg/ArmSvcLib: prevent speculative execution beyond svc
To: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>,
 devel@edk2.groups.io, leif@nuviainc.com
Cc: thomas.abraham@arm.com, Sami.Mujawar@arm.com, richard.storer@arm.com
References: <1591276329-20607-1-git-send-email-vijayenthiran.subramaniam@arm.com>
From: "Ard Biesheuvel" <ard.biesheuvel@arm.com>
Message-ID: <315d6865-8943-c360-5f2d-7e9de03d1391@arm.com>
Date: Fri, 5 Jun 2020 10:05:18 +0200
User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:68.0) Gecko/20100101
 Thunderbird/68.8.1
MIME-Version: 1.0
In-Reply-To: <1591276329-20607-1-git-send-email-vijayenthiran.subramaniam@arm.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 6/4/20 3:12 PM, Vijayenthiran Subramaniam wrote:
> Supervisor Call instruction (SVC) is used by the Arm Standalone MM
> environment to request services from the privileged software (such as
> ARM Trusted Firmware running in EL3) and also return back to the
> non-secure caller via EL3. Some Arm CPUs speculatively executes the
> instructions after the SVC instruction without crossing the privilege
> level (S-EL0). Although the results of this execution are
> architecturally discarded, adversary running on the non-secure side can
> manipulate the contents of the general purpose registers to leak the
> secure work memory through spectre like micro-architectural side channel
> attacks. This behavior is demonstrated by the SafeSide project [1] and
> [2]. Add barrier instructions after SVC to prevent speculative execution
> to mitigate such attacks.
> 
> [1]: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
> [2]: https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c
> 
> Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>

Merged as #663

Thanks.

> ---
>   ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S | 5 ++++-
>   ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.S     | 5 ++++-
>   ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.asm   | 5 ++++-
>   3 files changed, 12 insertions(+), 3 deletions(-)
> 
> diff --git a/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S b/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S
> index 7c94db3451f0..ee265f94b960 100644
> --- a/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S
> +++ b/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S
> @@ -1,5 +1,5 @@
>   //
> -//  Copyright (c) 2012 - 2017, ARM Limited. All rights reserved.
> +//  Copyright (c) 2012 - 2020, ARM Limited. All rights reserved.
>   //
>   //  SPDX-License-Identifier: BSD-2-Clause-Patent
>   //
> @@ -25,6 +25,9 @@ ASM_PFX(ArmCallSvc):
>     ldp   x0, x1, [x0, #0]
>   
>     svc   #0
> +  // Prevent speculative execution beyond svc instruction
> +  dsb   nsh
> +  isb
>   
>     // Pop the ARM_SVC_ARGS structure address from the stack into x9
>     ldr   x9, [sp, #16]
> diff --git a/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.S b/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.S
> index fc2886b6b53e..e81eb88f2e87 100644
> --- a/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.S
> +++ b/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.S
> @@ -1,5 +1,5 @@
>   //
> -//  Copyright (c) 2016 - 2017, ARM Limited. All rights reserved.
> +//  Copyright (c) 2016 - 2020, ARM Limited. All rights reserved.
>   //
>   //  SPDX-License-Identifier: BSD-2-Clause-Patent
>   //
> @@ -18,6 +18,9 @@ ASM_PFX(ArmCallSvc):
>       ldm     r0, {r0-r7}
>   
>       svc     #0
> +    // Prevent speculative execution beyond svc instruction
> +    dsb     nsh
> +    isb
>   
>       // Load the ARM_SVC_ARGS structure address from the stack into r8
>       ldr     r8, [sp]
> diff --git a/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.asm b/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.asm
> index 82d10c023ae3..d1751488b2b1 100644
> --- a/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.asm
> +++ b/ArmPkg/Library/ArmSvcLib/Arm/ArmSvc.asm
> @@ -1,5 +1,5 @@
>   //
> -//  Copyright (c) 2016 - 2017, ARM Limited. All rights reserved.
> +//  Copyright (c) 2016 - 2020, ARM Limited. All rights reserved.
>   //
>   //  SPDX-License-Identifier: BSD-2-Clause-Patent
>   //
> @@ -16,6 +16,9 @@
>       ldm     r0, {r0-r7}
>   
>       svc     #0
> +    // Prevent speculative execution beyond svc instruction
> +    dsb     nsh
> +    isb
>   
>       // Load the ARM_SVC_ARGS structure address from the stack into r8
>       ldr     r8, [sp]
>