+----------------+-------------------------------------------------------------+
| Title          | RO memory is always executable at AArch64 Secure EL1        |
+================+=============================================================+
| CVE ID         | `CVE-2017-7563`_                                            |
+----------------+-------------------------------------------------------------+
| Date           | 06 Apr 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | v1.3 (since `Pull Request #662`_)                           |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | AArch64 BL2, TSP or other users of xlat_tables library       |
| Affected       | executing at AArch64 Secure EL1                             |
+----------------+-------------------------------------------------------------+
| Impact         | Unexpected Privilege Escalation                             |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Pull Request #924`_                                        |
+----------------+-------------------------------------------------------------+
| Credit         | ARM                                                         |
+----------------+-------------------------------------------------------------+

The translation table library in ARM Trusted Firmware (TF) (under
``lib/xlat_tables`` and ``lib/xlat_tables_v2``) provides APIs to help program
translation tables in the MMU. The ``xlat_tables`` client specifies its required
memory mappings in the form of ``mmap_region`` structures. Each ``mmap_region``
has memory attributes represented by the ``mmap_attr_t`` enumeration type. This
contains flags to control data access permissions (``MT_RO``/``MT_RW``) and
instruction execution permissions (``MT_EXECUTE``/``MT_EXECUTE_NEVER``). Thus a
mapping specifying both ``MT_RO`` and ``MT_EXECUTE_NEVER`` should result in a
Read-Only (RO), non-executable memory region.

This feature does not work correctly for AArch64 images executing at Secure EL1.
Any memory region mapped as RO will always be executable, regardless of whether
the client specified ``MT_EXECUTE`` or ``MT_EXECUTE_NEVER``.

The vulnerability is known to affect the BL2 and Test Secure Payload (TSP)
images on platforms that enable the ``SEPARATE_CODE_AND_RODATA`` build option,
which includes all ARM standard platforms, and the upstream Xilinx and NVidia
platforms. The RO data section for these images on these platforms is
unexpectedly executable instead of non-executable. Other platforms or
``xlat_tables`` clients may also be affected.

The vulnerability primarily manifests itself after `Pull Request #662`_. Before
that, ``xlat_tables`` clients could not specify instruction execution
permissions separately from data access permissions. All RO normal memory regions
were implicitly executable. Before `Pull Request #662`_, the vulnerability
would only manifest itself for device memory mapped as RO; use of this mapping
is considered rare, although the upstream QEMU platform uses this mapping when
the ``DEVICE2_BASE`` build option is used.

Note that one or more separate vulnerabilities are also required to exploit this
vulnerability.

The vulnerability is due to incorrect handling of the execute-never bits in the
translation tables. The EL3 translation regime uses a single ``XN`` bit to
determine whether a region is executable. The Secure EL1&0 translation regime
handles 2 Virtual Address (VA) ranges and so uses 2 bits, ``UXN`` and ``PXN``.
The ``xlat_tables`` library only handles the ``XN`` bit, which maps to ``UXN``
in the Secure EL1&0 regime. As a result, this programs the Secure EL0 execution
permissions but always leaves the memory as executable at Secure EL1.

The vulnerability is mitigated by the following factors:

- The ``xlat_tables`` library ensures that all Read-Write (RW) memory regions are
  non-executable by setting the ``SCTLR_ELx.WXN`` bit. This overrides any value
  of the ``XN``, ``UXN`` or ``PXN`` bits in the translation tables. See the
  ``enable_mmu()`` function:

  .. code:: c

      sctlr = read_sctlr_el##_el(); \
      sctlr |= SCTLR_WXN_BIT | SCTLR_M_BIT; \

- AArch32 configurations are unaffected. Here the ``XN`` bit controls execution
  privileges of the currently executing translation regime, which is the desired
  behaviour.

- ARM TF EL3 code (for example BL1 and BL31) ensures that all non-secure memory
  mapped into the secure world is non-executable by setting the ``SCR_EL3.SIF``
  bit. See the ``el3_arch_init_common`` macro in ``el3_common_macros.S``.

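The following is an added illustration written for this page, not code from the ``xlat_tables`` library. It models how a stage-1 descriptor built from the ``MT_RO``/``MT_EXECUTE_NEVER`` attributes behaves in the EL3 regime versus the Secure EL1&0 regime (the root cause above), and why the ``WXN`` mitigation listed above covers RW regions but still leaves RO regions executable at Secure EL1. The attribute flag values and all function names are constructed for the example; the descriptor bit positions (AP[2] at bit 7, PXN at bit 53, XN/UXN at bit 54) follow the Armv8-A VMSAv8-64 descriptor format.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed attribute flags for this example (not the library's real
 * mmap_attr_t encoding): MT_RW clear = MT_RO, MT_EXECUTE_NEVER clear = MT_EXECUTE. */
#define MT_RW            (1u << 0)
#define MT_EXECUTE_NEVER (1u << 1)

/* Stage-1 descriptor bits (Armv8-A VMSAv8-64): AP[2] (bit 7) set = read-only;
 * bit 53 = PXN (EL1&0 regime only); bit 54 = XN (EL3 regime) / UXN (EL1&0). */
#define AP2_RO  (1ull << 7)
#define PXN_BIT (1ull << 53)
#define XN_BIT  (1ull << 54)

enum regime { REGIME_EL3, REGIME_EL1_0 };

/* Pre-fix behaviour described above: only the XN/UXN bit is ever programmed. */
uint64_t desc_buggy(unsigned attr)
{
    uint64_t d = 0;
    if (!(attr & MT_RW)) d |= AP2_RO;
    if (attr & MT_EXECUTE_NEVER) d |= XN_BIT;
    return d;
}

/* Fixed behaviour: in the EL1&0 regime execute-never must also set PXN. */
uint64_t desc_fixed(unsigned attr, enum regime r)
{
    uint64_t d = desc_buggy(attr);
    if ((attr & MT_EXECUTE_NEVER) && r == REGIME_EL1_0) d |= PXN_BIT;
    return d;
}

/* Executable at the regime's privileged level (EL3 or Secure EL1)?  WXN forces
 * writable memory non-executable; otherwise XN (EL3) or PXN (EL1&0) decides. */
bool exec_at_privileged(uint64_t d, enum regime r, bool wxn)
{
    if (wxn && !(d & AP2_RO)) return false;
    return r == REGIME_EL3 ? !(d & XN_BIT) : !(d & PXN_BIT);
}

int main(void)
{
    uint64_t ro_xn = desc_buggy(MT_EXECUTE_NEVER);   /* RO + execute-never */
    printf("S-EL1 executable, buggy: %d\n", exec_at_privileged(ro_xn, REGIME_EL1_0, true));
    ro_xn = desc_fixed(MT_EXECUTE_NEVER, REGIME_EL1_0);
    printf("S-EL1 executable, fixed: %d\n", exec_at_privileged(ro_xn, REGIME_EL1_0, true));
}
```

With ``WXN`` set, the RW case is non-executable either way, which is exactly why the defect only shows up for RO regions.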
.. _CVE-2017-7563: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7563
.. _Pull Request #662: https://github.com/ARM-software/arm-trusted-firmware/pull/662
.. _Pull Request #924: https://github.com/ARM-software/arm-trusted-firmware/pull/924