[PATCH v3 2/4] arm64: smccc: clear the Xn registers after SMC calls

Abdellatif El Khlifi abdellatif.elkhlifi at arm.com
Mon Sep 26 13:33:49 CEST 2022


On Tue, Aug 16, 2022 at 01:48:31PM +0200, Jens Wiklander wrote:
> On Mon, Aug 1, 2022 at 7:21 PM Abdellatif El Khlifi
> <abdellatif.elkhlifi at arm.com> wrote:
> >
> > set to zero the x0-x17 registers
> >
> > As per the SMCCC v1.2 spec, unused result and scratch registers can leak
> > information after an SMC call. We can mitigate against this risk by
> > returning zero in each register.
> >
> > Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi at arm.com>
> > Cc: Tom Rini <trini at konsulko.com>
> > Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> > Cc: Jens Wiklander <jens.wiklander at linaro.org>
> > ---
> >  arch/arm/cpu/armv8/smccc-call.S | 20 ++++++++++++++++++++
> >  1 file changed, 20 insertions(+)
> >
> > diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S
> > index ec6f299bc9..8ac3e461e4 100644
> > --- a/arch/arm/cpu/armv8/smccc-call.S
> > +++ b/arch/arm/cpu/armv8/smccc-call.S
> > @@ -84,6 +84,26 @@ ENDPROC(__arm_smccc_hvc)
> >         stp     x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS]
> >         stp     x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS]
> >
> > +       /* x0-x17 registers can leak information after an SMC or HVC call. Let's clear them */
> > +       mov     x0, xzr
> > +       mov     x1, xzr
> > +       mov     x2, xzr
> > +       mov     x3, xzr
> > +       mov     x4, xzr
> > +       mov     x5, xzr
> > +       mov     x6, xzr
> > +       mov     x7, xzr
> > +       mov     x8, xzr
> > +       mov     x9, xzr
> > +       mov     x10, xzr
> > +       mov     x11, xzr
> > +       mov     x12, xzr
> > +       mov     x13, xzr
> > +       mov     x14, xzr
> > +       mov     x15, xzr
> > +       mov     x16, xzr
> > +       mov     x17, xzr
> > +
> 
> Is this information leakage worse than the information leakage from an
> ordinary C function?
> My point is, is this needed?

The leakage we are referring to is data leakage across exception levels.
The intent is to prevent lower exception levels (EL1/EL0) from reading the
data exchanged at EL2.

The Linux kernel clears the general purpose registers before switching
to EL0. As far as I know U-Boot doesn't.

So, the code above makes sure the registers are cleared.
An improved version of this has been released in this
patch: https://lore.kernel.org/all/20220926101723.9965-3-abdellatif.elkhlifi@arm.com/

> 
> Thanks,
> Jens
> 
> >         /* Restore original x19 */
> >         ldp     xzr, x19, [sp], #16
> >         ret
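Review bot: the comment on the first added line says x0-x17 "can leak information after an SMC or HVC call", but the clearing is added only in the function that follows ENDPROC(__arm_smccc_hvc), i.e. the one that stores x0-x17 through x19 with the stp instructions above; __arm_smccc_hvc itself is not touched by this hunk, so either the same clearing belongs in the other entry points as well or the comment and the subject line ("after SMC calls") should be scoped to the one function changed. Note also that the clearing only removes the values from registers: they have just been written to the caller's result structure at [x19, #ARM_SMCCC_1_2_REGS_*], so the mitigation covers register state at the next exception return, not the copy in memory. Style: the eighteen `mov xN, xzr` lines could be generated with an assembler loop, e.g. `.irp n,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17` / `mov x\n, xzr` / `.endr`, which keeps the cleared set in one place.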
> > --
> > 2.17.1
> >

