summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
authorBin Lu <bin.lu@arm.com>2020-09-10 02:47:10 -0400
committerBin Lu <bin.lu@arm.com>2020-09-10 02:47:13 -0400
commit6d688347791526e2a1101333ccc7a410735cf31a (patch)
treee93a14b20c356a3044bf06eb6b66cfed4a1ecf2d /pkg/sentry
parent1ab097b08fc16d67b90f094a4316883c289ef77f (diff)
arm64:place an SB sequence following an ERET instruction
Some CPUs(eg: ampere-emag) can speculate past an ERET instruction and potentially perform speculative accesses to memory before processing the exception return. Since the register state is often controlled by a lower privilege level at the point of an ERET, this could potentially be used as part of a side-channel attack. Signed-off-by: Bin Lu <bin.lu@arm.com>
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/platform/ring0/entry_arm64.s4
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/sentry/platform/ring0/entry_arm64.s b/pkg/sentry/platform/ring0/entry_arm64.s
index 9d29b7168..1e477cc49 100644
--- a/pkg/sentry/platform/ring0/entry_arm64.s
+++ b/pkg/sentry/platform/ring0/entry_arm64.s
@@ -27,7 +27,9 @@
// ERET returns using the ELR and SPSR for the current exception level.
#define ERET() \
- WORD $0xd69f03e0
+ WORD $0xd69f03e0; \
+ DSB $7; \
+ ISB $15;
// RSV_REG is a register that holds el1 information temporarily.
#define RSV_REG R18_PLATFORM