Re: [PATCH v3 2/4] arm64: smccc: clear the Xn registers after SMC calls

On Mon, Aug 1, 2022 at 7:21 PM Abdellatif El Khlifi abdellatif.elkhlifi@arm.com wrote:

set to zero the x0-x17 registers

As per the SMCCC v1.2 spec, unused result and scratch registers can leak information after an SMC call. We can mitigate against this risk by returning zero in each register.

Signed-off-by: Abdellatif El Khlifi abdellatif.elkhlifi@arm.com Cc: Tom Rini trini@konsulko.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Jens Wiklander jens.wiklander@linaro.org

---

arch/arm/cpu/armv8/smccc-call.S | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)

diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S index ec6f299bc9..8ac3e461e4 100644 --- a/arch/arm/cpu/armv8/smccc-call.S +++ b/arch/arm/cpu/armv8/smccc-call.S @@ -84,6 +84,26 @@ ENDPROC(__arm_smccc_hvc) stp x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS] stp x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS]

•   /* x0-x17 registers can leak information after an SMC or HVC call. Let's clear them */
  

•   mov     x0, xzr
  

•   mov     x1, xzr
  

•   mov     x2, xzr
  

•   mov     x3, xzr
  

•   mov     x4, xzr
  

•   mov     x5, xzr
  

•   mov     x6, xzr
  

•   mov     x7, xzr
  

•   mov     x8, xzr
  

•   mov     x9, xzr
  

•   mov     x10, xzr
  

•   mov     x11, xzr
  

•   mov     x12, xzr
  

•   mov     x13, xzr
  

•   mov     x14, xzr
  

•   mov     x15, xzr
  

•   mov     x16, xzr
  

•   mov     x17, xzr
  

Is this information leakage worse than the information leakage from an ordinary C function? My point is, is this needed?

Thanks, Jens

    /* Restore original x19 */
    ldp     xzr, x19, [sp], #16
    ret

-- 2.17.1