[all-commits] [llvm/llvm-project] 78ff61: [ARM] CMSE security mitigation on function argumen...

Lucas Duarte Prates via All-commits all-commits at lists.llvm.org
Thu Jun 20 02:22:22 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 78ff617d3f573fb3a9b2fef180fa0fd43d5584ea
      https://github.com/llvm/llvm-project/commit/78ff617d3f573fb3a9b2fef180fa0fd43d5584ea
  Author: Lucas Duarte Prates <lucas.prates at arm.com>
  Date:   2024-06-20 (Thu, 20 Jun 2024)

  Changed paths:
    M llvm/lib/Target/ARM/ARMISelLowering.cpp
    M llvm/lib/Target/ARM/ARMISelLowering.h
    A llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll
    A llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll

  Log Message:
  -----------
  [ARM] CMSE security mitigation on function arguments and returned values (#89944)

The ABI mandates two things related to function calls:
 - Function arguments must be sign- or zero-extended to the register
   size by the caller.
 - Return values must be sign- or zero-extended to the register size by
   the callee.

As a consequence, callees can assume that function arguments have been
extended, and so can callers with regard to return values.

Here lies the problem: Nonsecure code might deliberately ignore this
mandate with the intent of attempting an exploit. It might try to pass
values that lie outside the expected type's value range in order to
trigger undefined behaviour, e.g. out of bounds access.

With the mitigation implemented, Secure code always performs extension
of values passed by Nonsecure code.

This addresses the vulnerability described in CVE-2024-0151.

Patches by Victor Campos.

---------

Co-authored-by: Victor Campos <victor.campos at arm.com>
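
The failure mode and the mitigation described in the log message above, as an added C sketch (not code from this commit or from LLVM). The 32-bit register carrying a narrow argument is modelled as `raw_r0`; all function names, the table size and the sample register values are assumptions made for illustration. The same re-extension applies to a narrow value returned to Secure code by a Non-secure callee.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not LLVM code: on AArch32 an 8-bit argument arrives in
 * a full 32-bit register. raw_r0 is that register exactly as the Non-secure
 * caller left it; the upper 24 bits are under the caller's control. */

#define TABLE_LEN 256u   /* large enough for every valid uint8_t index */

/* Callee that trusts the ABI: assumes the caller already zero-extended. */
static uint32_t index_trusting_caller(uint32_t raw_r0) {
    return raw_r0;
}

/* Hardened callee: zero-extend from bit 7 again (what UXTB computes). */
static uint32_t index_hardened_u8(uint32_t raw_r0) {
    return raw_r0 & 0xFFu;
}

/* Hardened callee, signed 8-bit parameter: sign-extend from bit 7 again
 * (what SXTB computes), written without implementation-defined casts. */
static int32_t value_hardened_s8(uint32_t raw_r0) {
    return (int32_t)((raw_r0 & 0xFFu) ^ 0x80u) - 0x80;
}

/* 1 if table[idx] would stay inside a TABLE_LEN-element array. */
static int in_bounds(uint32_t idx) {
    return idx < TABLE_LEN;
}

int main(void) {
    /* Constructed register values, two of them with junk above bit 7. */
    const uint32_t samples[] = { 0x00000005u, 0x00010005u, 0xFFFFFF80u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t r = samples[i];
        printf("r0=0x%08x trusting: idx=%u in_bounds=%d | hardened: idx=%u "
               "in_bounds=%d | as int8: %d\n",
               (unsigned)r, (unsigned)index_trusting_caller(r),
               in_bounds(index_trusting_caller(r)),
               (unsigned)index_hardened_u8(r),
               in_bounds(index_hardened_u8(r)), (int)value_hardened_s8(r));
    }
    return 0;
}
```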


