• Initial Spectre V1 mitigations (CVE-2017-5753). · 9edd8912
    Joel Hutton authored
    Initial Spectre Variant 1 mitigations (CVE-2017-5753).
    A potential speculative data leak was found in PSCI code; this depends
    on a non-robust implementation of the `plat_get_core_pos_by_mpidr()`
    function. This is considered very low-risk. This patch adds a macro to
    mitigate this. Note not all code paths could be analyzed with current
    tools.
    
    Add a macro which makes a variable 'speculation safe', using the
    __builtin_speculation_safe_value function of GCC and llvm. This will be
    available in GCC 9, and is planned for llvm, but is not currently in
    mainline GCC or llvm. In order to implement this mitigation the compiler
    must support this builtin. Support is indicated by the
    __HAVE_SPECULATION_SAFE_VALUE flag.
    
    The -mtrack-speculation option maintains a 'tracker' register, which
    determines if the processor is in false speculation at any point. This
    adds instructions and increases code size, but avoids the performance
    impact of a hard barrier.
    
    Without the -mtrack-speculation option, __builtin_speculation_safe_value
    expands to a
    
        ISB
        DSB SY
    
    sequence after a conditional branch, before the
    speculation safe variable is used. With -mtrack-speculation a
    
        CSEL tracker, tracker, XZR, [cond];
        AND safeval,tracker;
        CSDB
    
    sequence is added instead, clearing the vulnerable variable by
    AND'ing it with the tracker register, which is zero during speculative
    execution. [cond] are the status flags which will only be true during
    speculative execution. For more information on
    __builtin_speculation_safe_value and the -mtrack-speculation option see
    https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/compiler-support-for-mitigations
    
    The -mtracking option was not added, as the performance impact of the
    mitigation is low, and there is only one occurrence.
    
    Change-Id: Ic9e66d1f4a5155e42e3e4055594974c230bfba3c
    Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
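
The pattern the commit message describes, as an added example (not the code from this commit): a macro that uses `__builtin_speculation_safe_value` when the compiler defines `__HAVE_SPECULATION_SAFE_VALUE`, applied to a bounds-checked index before it reaches the array access. `SPEC_SAFE`, `get_core_stat`, `CORE_COUNT`, the table contents and the pass-through fallback for compilers without the builtin are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical macro name; the commit's own macro is not shown on this page. */
#ifdef __HAVE_SPECULATION_SAFE_VALUE
/* Compiler provides the builtin: the result is the original value on the
 * architecturally correct path and is forced to zero (or execution is
 * held behind a barrier) under false speculation. */
#define SPEC_SAFE(var)   __builtin_speculation_safe_value(var)
#define SPEC_SAFE_ACTIVE 1
#else
/* Assumed fallback: no builtin, value passes through unmitigated. */
#define SPEC_SAFE(var)   (var)
#define SPEC_SAFE_ACTIVE 0
#endif

#define CORE_COUNT 4U /* constructed sample size */

/* Constructed per-core data standing in for a table indexed by core position. */
static const int core_stat[CORE_COUNT] = { 11, 22, 33, 44 };

/* Reports whether this build actually contains the mitigation. */
int spec_safe_active(void)
{
    return SPEC_SAFE_ACTIVE;
}

/* Returns the entry for core_pos, or -1 when core_pos is out of range. */
int get_core_stat(unsigned int core_pos)
{
    if (core_pos >= CORE_COUNT)
        return -1;

    /* The branch above can be mispredicted. Sanitising the index after the
     * check and before the load keeps an out-of-range value from being
     * used as an array index during speculative execution. */
    core_pos = SPEC_SAFE(core_pos);

    return core_stat[core_pos];
}

int main(void)
{
    printf("builtin in use: %d\n", spec_safe_active());
    printf("core 2 -> %d, core 9 -> %d\n", get_core_stat(2), get_core_stat(9));
    return 0;
}
```

Building with and without `-mtrack-speculation` and comparing the disassembly of `get_core_stat` shows which of the two instruction sequences from the commit message the compiler emitted.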
psci_stat.c 7.63 KB