commit | fcbcd6f36ec8f367d4a9fdce11d277d7758a2647 | [log] [tgz] |
---|---|---|
author | Madhukar Pappireddy <madhukar.pappireddy@arm.com> | Wed Feb 26 12:37:05 2020 -0600 |
committer | Madhukar Pappireddy <madhukar.pappireddy@arm.com> | Sun Mar 01 06:44:30 2020 -0600 |
tree | 15d4515c7f5fc2d3d34fae93b9fe58a1b5453e2b | |
parent | 65bc9b327568b5b4dd7a5142c385575d32e988b1 [diff] |
aarch32: stop speculative execution past exception returns aarch32 CPUs speculatively execute instructions following a ERET as if it was not a jump instruction. This could lead to cache-based side channel vulnerabilities. The software fix is to place barrier instructions following ERET. The counterpart patch for aarch64 is merged: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f461fe346b728d0e88142fd7b8f2816415af18bc Change-Id: I2aa3105bee0b92238f389830b3a3b8650f33af3d Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
diff --git a/bl1/aarch32/bl1_exceptions.S b/bl1/aarch32/bl1_exceptions.S index f2af9ab..493d2ca 100644 --- a/bl1/aarch32/bl1_exceptions.S +++ b/bl1/aarch32/bl1_exceptions.S
@@ -80,7 +80,7 @@ add r8, r8, #ENTRY_POINT_INFO_ARGS_OFFSET ldm r8, {r0, r1, r2, r3} - eret + exception_return endfunc bl1_aarch32_smc_handler /* -----------------------------------------------------