[all-commits] [llvm/llvm-project] 33411d: [ARM] Fix CMSE S->NS calls when CONTROL_S.SFPA==0 ...

Oliver Stannard via All-commits all-commits at lists.llvm.org
Fri Nov 1 02:36:35 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 33411d520783189c31e9936a67371198d6da5f25
      https://github.com/llvm/llvm-project/commit/33411d520783189c31e9936a67371198d6da5f25
  Author: Oliver Stannard <oliver.stannard at arm.com>
  Date:   2024-11-01 (Fri, 01 Nov 2024)

  Changed paths:
    M llvm/lib/Target/ARM/ARMExpandPseudoInsts.cpp
    M llvm/test/CodeGen/ARM/cmse-clear-float-hard.ll
    M llvm/test/CodeGen/ARM/cmse-vlldm-no-reorder.mir

  Log Message:
  -----------
  [ARM] Fix CMSE S->NS calls when CONTROL_S.SFPA==0 (CVE-2024-7883) (#114433)

When doing a call from CMSE secure state to non-secure state for
v8-M.main, we use the VLLDM and VLSTM instructions to save, clear and
restore the FP registers around the call. These instructions both check
the CONTROL_S.SFPA bit, and if it is clear (meaning the current contents
of the FP registers are not secret) they execute as no-ops.

This causes a problem when CONTROL_S.SFPA==0 before the call, which
happens if there are no floating-point instructions executed between
entry to secure state and the call. If this is the case, then the VLSTM
instruction will do nothing, leaving the save area in the stack
uninitialised. If the called function returns a value in floating-point
registers, the call sequence includes an instruction to copy the return
value from a floating-point register to a GPR, which must be before the
VLLDM instruction. This copy sets CONTROL_S.SFPA, meaning that the VLLDM
will fully execute, and load the uninitialised stack memory into the FP
registers.

This causes two problems:
* The FP register file is clobbered, including all of the callee-saved
  registers, which might contain live values.
* The stack region might contain secret values, which will be leaked to
  non-secure state through the floating-point registers if/when we
  return to non-secure state.

The fix is to insert a `vmov s0, s0` instruction before the VLSTM
instruction, to ensure that CONTROL_S.SFPA is set for both the VLLDM and
VLSTM instruction.

CVE: https://www.cve.org/cverecord?id=CVE-2024-7883
Security bulletin:
https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list