path: root/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
From 3929bca9ca95de9d35e82ae8828b188029e3eb70 Mon Sep 17 00:00:00 2001
From: Richard Earnshaw <rearnsha@arm.com>
Date: Fri, 11 Jun 2021 16:02:05 +0100
Subject: [PATCH] arm: Add command-line option for enabling CVE-2021-35465
 mitigation [PR102035]

Add a new option, -mfix-cmse-cve-2021-35465 and document it.  Enable it
automatically for cortex-m33, cortex-m35p and cortex-m55.

gcc:
	PR target/102035
	* config/arm/arm.opt (mfix-cmse-cve-2021-35465): New option.
	* doc/invoke.texi (Arm Options): Document it.
	* config/arm/arm-cpus.in (quirk_vlldm): New feature bit.
	(ALL_QUIRKS): Add quirk_vlldm.
	(cortex-m33): Add quirk_vlldm.
	(cortex-m35p, cortex-m55): Likewise.
	* config/arm/arm.c (arm_option_override): Enable fix_vlldm if
	targeting an affected CPU and not explicitly controlled on
	the command line.

CVE: CVE-2021-35465
Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=3929bca9ca95de9d35e82ae8828b188029e3eb70]
Signed-off-by: Pgowda <pgowda.cve@gmail.com>

---
 gcc/config/arm/arm-cpus.in | 9 +++++++--
 gcc/config/arm/arm.c       | 9 +++++++++
 gcc/config/arm/arm.opt     | 4 ++++
 gcc/doc/invoke.texi        | 9 +++++++++
 4 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
--- a/gcc/config/arm/arm.c	2020-07-22 23:35:17.344384552 -0700
+++ b/gcc/config/arm/arm.c	2021-11-11 20:16:19.761241867 -0800
@@ -3595,6 +3595,15 @@ arm_option_override (void)
 	fix_cm3_ldrd = 0;
     }
 
+  /* Enable fix_vlldm by default if required.  */
+  if (fix_vlldm == 2)
+    {
+      if (bitmap_bit_p (arm_active_target.isa, isa_bit_quirk_vlldm))
+	fix_vlldm = 1;
+      else
+	fix_vlldm = 0;
+    }
+
   /* Hot/Cold partitioning is not currently supported, since we can't
      handle literal pool placement in that case.  */
   if (flag_reorder_blocks_and_partition)
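Review bot: The default chosen in the `fix_vlldm == 2` block depends only on `isa_bit_quirk_vlldm`, which this patch sets solely on the cortex-m33, cortex-m35p and cortex-m55 CPU entries, so a CMSE build that selects its target some other way (for example with `-march=` alone) ends up with `fix_vlldm = 0` and no diagnostic. If that is intended, the comment should say so, e.g. `/* fix_vlldm is 2 when not given on the command line; default it from the CPU quirk bit (CVE-2021-35465). Builds without an affected -mcpu must pass -mfix-cmse-cve-2021-35465 explicitly. */`. Nothing in the hunks of this patch reads `fix_vlldm`, so the code-generation change presumably arrives in a companion patch that has to be applied together with this one for the mitigation to take effect. arm_option_override's body starts and ends outside the hunk.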
diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
--- a/gcc/config/arm/arm-cpus.in	2020-07-22 23:35:17.340384509 -0700
+++ b/gcc/config/arm/arm-cpus.in	2021-11-11 20:17:01.364573561 -0800
@@ -190,6 +190,9 @@ define feature quirk_armv6kz
 # Cortex-M3 LDRD quirk.
 define feature quirk_cm3_ldrd
 
+# v8-m/v8.1-m VLLDM errata.
+define feature quirk_vlldm
+
 # Don't use .cpu assembly directive
 define feature quirk_no_asmcpu
 
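Review bot: The comment on the new feature bit, `# v8-m/v8.1-m VLLDM errata.`, names neither the CVE nor the option whose default it controls, which makes the bit hard to trace back from a CPU entry. Something like `# v8-m/v8.1-m VLLDM erratum (CVE-2021-35465); sets the default for -mfix-cmse-cve-2021-35465.` would tie it to the arm.opt and arm.c changes. The later hunks in this file attach the bit per CPU (`isa quirk_vlldm` on cortex-m33, cortex-m35p and cortex-m55), so any affected core added afterwards needs the same line to get the mitigation by default.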
@@ -314,7 +317,7 @@ define fgroup DOTPROD	NEON dotprod
 # architectures.
 # xscale isn't really a 'quirk', but it isn't an architecture either and we
 # need to ignore it for matching purposes.
-define fgroup ALL_QUIRKS   quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd xscale quirk_no_asmcpu
+define fgroup ALL_QUIRKS   quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd quirk_vlldm xscale quirk_no_asmcpu
 
 # Architecture entries
 # format:
@@ -1492,6 +1495,7 @@ begin cpu cortex-m33
  architecture armv8-m.main+dsp+fp
  option nofp remove ALL_FP
  option nodsp remove armv7em
+ isa quirk_vlldm
  costs v7m
 end cpu cortex-m33
 
@@ -1501,6 +1505,7 @@ begin cpu cortex-m35p
  architecture armv8-m.main+dsp+fp
  option nofp remove ALL_FP
  option nodsp remove armv7em
+ isa quirk_vlldm
  costs v7m
 end cpu cortex-m35p
 
@@ -1508,7 +1513,7 @@ begin cpu cortex-m55
  cname cortexm55
  tune flags LDSCHED
  architecture armv8.1-m.main+mve.fp+fp.dp
- isa quirk_no_asmcpu
+ isa quirk_no_asmcpu quirk_vlldm
  costs v7m
  vendor 41
 end cpu cortex-m55
diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt
--- a/gcc/config/arm/arm.opt	2020-07-22 23:35:17.344384552 -0700
+++ b/gcc/config/arm/arm.opt	2021-11-11 20:16:19.761241867 -0800
@@ -271,6 +271,10 @@ Target Report Var(fix_cm3_ldrd) Init(2)
 Avoid overlapping destination and address registers on LDRD instructions
 that may trigger Cortex-M3 errata.
 
+mfix-cmse-cve-2021-35465
+Target Var(fix_vlldm) Init(2)
+Mitigate issues with VLLDM on some M-profile devices (CVE-2021-35465).
+
 munaligned-access
 Target Report Var(unaligned_access) Init(2) Save
 Enable unaligned word and halfword accesses to packed data.
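Review bot: The new record `Target Var(fix_vlldm) Init(2)` omits the `Report` property that the neighbouring entries in this hunk carry (`Target Report Var(fix_cm3_ldrd) Init(2)`), so if this tree still honours `Report`, the state of the mitigation may be missing from the option report that the other Arm options appear in. For a security mitigation that is worth having when auditing a build; consider `Target Report Var(fix_vlldm) Init(2)` to match the file. Separately, the help text here gives the identifier as CVE-2021-35465, whereas the `@item -mfix-cmse-cve-2021-35465` paragraph added to gcc/doc/invoke.texi prints `CVE-2021-365465`; the manual text should read `(CVE-2021-35465)`.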
diff -upr a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
--- a/gcc/doc/invoke.texi	2021-11-11 19:30:56.264523105 -0800
+++ b/gcc/doc/invoke.texi	2021-11-11 20:16:19.769241739 -0800
@@ -773,6 +773,7 @@ Objective-C and Objective-C++ Dialects}.
 -mverbose-cost-dump @gol
 -mpure-code @gol
 -mcmse @gol
+-mfix-cmse-cve-2021-35465 @gol
 -mfdpic}
 
 @emph{AVR Options}
@@ -21233,6 +21234,14 @@ Use multiply and add/subtract instructio
 
 Do not use multiply and add/subtract instructions.
 
+@item -mfix-cmse-cve-2021-35465
+@opindex mfix-cmse-cve-2021-35465
+Mitigate against a potential security issue with the @code{VLLDM} instruction
+in some M-profile devices when using CMSE (CVE-2021-365465).  This option is
+enabled by default when the option @option{-mcpu=} is used with
+@code{cortex-m33}, @code{cortex-m35p} or @code{cortex-m55}.  The option
+@option{-mno-fix-cmse-cve-2021-35465} can be used to disable the mitigation.
+
 @item -mfdpic
 @opindex mfdpic