From patchwork Tue Aug 24 10:59:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Earnshaw X-Patchwork-Id: 1520238 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org; envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.a=rsa-sha256 header.s=default header.b=E2X/eK3h; dkim-atps=neutral Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Gv5sb09NVz9sXM for ; Tue, 24 Aug 2021 21:06:57 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 1C5383858409 for ; Tue, 24 Aug 2021 11:06:55 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1C5383858409 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1629803215; bh=SXlaE5lT9KRJNoCM4DYb5KrSTdws76Cxzub88V3s4UE=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=E2X/eK3hWaZy/5IhZlyEZPoFUqT56BP9z89+YWud43aShBf3CvC0sYIl6DUe93xQQ wiCSlplbt/gIgCmPUYjTMQ/+auLmxB7M7ECkynZifjiEIrlyNP4uQ4J6HIqYNlL+Nv UStOz5d2JK5Y/toSembRvdH0h6TuiZSXaZznXSUA= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 2742F385843B for ; Tue, 24 Aug 2021 10:59:50 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 2742F385843B Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id BCA361480; Tue, 24 Aug 2021 03:59:49 -0700 (PDT) Received: from e126323.arm.com (unknown [10.57.39.244]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 41F693F66F; Tue, 24 Aug 2021 03:59:49 -0700 (PDT) To: gcc-patches@gcc.gnu.org Subject: [committed 3/6] arm: Add command-line option for enabling CVE-2021-35465 mitigation [PR102035] Date: Tue, 24 Aug 2021 11:59:25 +0100 Message-Id: <20210824105928.3869183-4-rearnsha@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210824105928.3869183-1-rearnsha@arm.com> References: <20210824105928.3869183-1-rearnsha@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Richard Earnshaw via Gcc-patches From: Richard Earnshaw Reply-To: Richard Earnshaw Cc: Richard Earnshaw Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Sender: "Gcc-patches" Add a new option, -mfix-cmse-cve-2021-35465 and document it. Enable it automatically for cortex-m33, cortex-m35p and cortex-m55. gcc: PR target/102035 * config/arm/arm.opt (mfix-cmse-cve-2021-35465): New option. * doc/invoke.texi (Arm Options): Document it. * config/arm/arm-cpus.in (quirk_vlldm): New feature bit. (ALL_QUIRKS): Add quirk_vlldm. (cortex-m33): Add quirk_vlldm. (cortex-m35p, cortex-m55): Likewise. * config/arm/arm.c (arm_option_override): Enable fix_vlldm if targetting an affected CPU and not explicitly controlled on the command line. --- gcc/config/arm/arm-cpus.in | 9 +++++++-- gcc/config/arm/arm.c | 9 +++++++++ gcc/config/arm/arm.opt | 4 ++++ gcc/doc/invoke.texi | 9 +++++++++ 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in index 249995a6bca..bcc9ebe9fe0 100644 --- a/gcc/config/arm/arm-cpus.in +++ b/gcc/config/arm/arm-cpus.in @@ -186,6 +186,9 @@ define feature quirk_armv6kz # Cortex-M3 LDRD quirk. define feature quirk_cm3_ldrd +# v8-m/v8.1-m VLLDM errata. +define feature quirk_vlldm + # Don't use .cpu assembly directive define feature quirk_no_asmcpu @@ -322,7 +325,7 @@ define implied vfp_base MVE MVE_FP ALL_FP # architectures. # xscale isn't really a 'quirk', but it isn't an architecture either and we # need to ignore it for matching purposes. -define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd xscale quirk_no_asmcpu +define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd quirk_vlldm xscale quirk_no_asmcpu define fgroup IGNORE_FOR_MULTILIB cdecp0 cdecp1 cdecp2 cdecp3 cdecp4 cdecp5 cdecp6 cdecp7 @@ -1571,6 +1574,7 @@ begin cpu cortex-m33 architecture armv8-m.main+dsp+fp option nofp remove ALL_FP option nodsp remove armv7em + isa quirk_vlldm costs v7m end cpu cortex-m33 @@ -1580,6 +1584,7 @@ begin cpu cortex-m35p architecture armv8-m.main+dsp+fp option nofp remove ALL_FP option nodsp remove armv7em + isa quirk_vlldm costs v7m end cpu cortex-m35p @@ -1591,7 +1596,7 @@ begin cpu cortex-m55 option nomve remove mve mve_float option nofp remove ALL_FP mve_float option nodsp remove MVE mve_float - isa quirk_no_asmcpu + isa quirk_no_asmcpu quirk_vlldm costs v7m vendor 41 end cpu cortex-m55 diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c index 11dafc70067..5c929417f93 100644 --- a/gcc/config/arm/arm.c +++ b/gcc/config/arm/arm.c @@ -3616,6 +3616,15 @@ arm_option_override (void) fix_cm3_ldrd = 0; } + /* Enable fix_vlldm by default if required. */ + if (fix_vlldm == 2) + { + if (bitmap_bit_p (arm_active_target.isa, isa_bit_quirk_vlldm)) + fix_vlldm = 1; + else + fix_vlldm = 0; + } + /* Hot/Cold partitioning is not currently supported, since we can't handle literal pool placement in that case. */ if (flag_reorder_blocks_and_partition) diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt index 7417b55122a..a7677eeb45c 100644 --- a/gcc/config/arm/arm.opt +++ b/gcc/config/arm/arm.opt @@ -268,6 +268,10 @@ Target Var(fix_cm3_ldrd) Init(2) Avoid overlapping destination and address registers on LDRD instructions that may trigger Cortex-M3 errata. +mfix-cmse-cve-2021-35465 +Target Var(fix_vlldm) Init(2) +Mitigate issues with VLLDM on some M-profile devices (CVE-2021-35465). + munaligned-access Target Var(unaligned_access) Init(2) Save Enable unaligned word and halfword accesses to packed data. diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index a9d56fecf4e..b8f5d9e1cce 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -808,6 +808,7 @@ Objective-C and Objective-C++ Dialects}. -mverbose-cost-dump @gol -mpure-code @gol -mcmse @gol +-mfix-cmse-cve-2021-35465 @gol -mfdpic} @emph{AVR Options} @@ -20743,6 +20744,14 @@ Generate secure code as per the "ARMv8-M Security Extensions: Requirements on Development Tools Engineering Specification", which can be found on @url{https://developer.arm.com/documentation/ecm0359818/latest/}. +@item -mfix-cmse-cve-2021-35465 +@opindex mfix-cmse-cve-2021-35465 +Mitigate against a potential security issue with the @code{VLLDM} instruction +in some M-profile devices when using CMSE (CVE-2021-365465). This option is +enabled by default when the option @option{-mcpu=} is used with +@code{cortex-m33}, @code{cortex-m35p} or @code{cortex-m55}. The option +@option{-mno-fix-cmse-cve-2021-35465} can be used to disable the mitigation. + @item -mfdpic @itemx -mno-fdpic @opindex mfdpic