[PATCH] D109157: [ARM] Mitigate the cve-2021-35465 security vulnurability.

[Alexandros Lamprineas via Phabricator via llvm-commits]

labrinea created this revision.
labrinea added reviewers: llvm-commits, momchil.velikov.
Herald added subscribers: dang, hiraditya, kristof.beyls.
labrinea requested review of this revision.
Herald added projects: clang, LLVM.
Herald added a subscriber: cfe-commits.

Recently a vulnerability issue is found in the implementation of VLLDM instruction in the Arm Cortex-M33, Cortex-M35P and Cortex-M55. If the VLLDM instruction is abandoned due to an exception when it is partially completed, it is possible for subsequent non-secure handler to access and modify the partial restored register values. This vulnerability is identified as CVE-2021-35465. The mitigation sequence varies between v8-m and v8.1-m as follows:

v8-m.main

  mrs        r5, control
  tst        r5, #8       /* CONTROL_S.SFPA */
  it         ne
  .inst.w    0xeeb00a40   /* vmovne s0, s0 */
  1:
  vlldm      sp           /* Lazy restore of d0-d16 and FPSCR. */

v8.1-m.main

  vscclrm    {vpr}        /* Clear VPR. */
  vlldm      sp           /* Lazy restore of d0-d16 and FPSCR. */

More details on https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D109157

Files:
  clang/include/clang/Driver/Options.td
  clang/lib/Driver/ToolChains/Clang.cpp
  clang/test/Driver/arm-cmse-cve-2021-35465.c
  llvm/lib/Target/ARM/ARMExpandPseudoInsts.cpp
  llvm/test/CodeGen/ARM/cmse-cve-2021-35465-return.ll
  llvm/test/CodeGen/ARM/cmse-cve-2021-35465.ll

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D109157.370264.patch
Type: text/x-patch
Size: 17898 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20210902/bbdee34b/attachment.bin>