diff options
| author | Richard Earnshaw <rearnsha@arm.com> | 2021-06-11 16:02:05 +0100 |
|---|---|---|
| committer | Richard Earnshaw <rearnsha@arm.com> | 2021-08-24 11:45:13 +0100 |
| commit | 3929bca9ca95de9d35e82ae8828b188029e3eb70 (patch) | |
| tree | fdf227f6857a911811b0f916b0429794e6006d7e | |
| parent | 79fb2700bdbab4212346d907be6063c5a32d3836 (diff) | |
| download | gcc-3929bca9ca95de9d35e82ae8828b188029e3eb70.zip gcc-3929bca9ca95de9d35e82ae8828b188029e3eb70.tar.gz gcc-3929bca9ca95de9d35e82ae8828b188029e3eb70.tar.bz2 | |
arm: Add command-line option for enabling CVE-2021-35465 mitigation [PR102035]
Add a new option, -mfix-cmse-cve-2021-35465 and document it. Enable it
automatically for cortex-m33, cortex-m35p and cortex-m55.
gcc:
PR target/102035
* config/arm/arm.opt (mfix-cmse-cve-2021-35465): New option.
* doc/invoke.texi (Arm Options): Document it.
* config/arm/arm-cpus.in (quirk_vlldm): New feature bit.
(ALL_QUIRKS): Add quirk_vlldm.
(cortex-m33): Add quirk_vlldm.
(cortex-m35p, cortex-m55): Likewise.
* config/arm/arm.c (arm_option_override): Enable fix_vlldm if
targetting an affected CPU and not explicitly controlled on
the command line.
| -rw-r--r-- | gcc/config/arm/arm-cpus.in | 9 | ||||
| -rw-r--r-- | gcc/config/arm/arm.c | 9 | ||||
| -rw-r--r-- | gcc/config/arm/arm.opt | 4 | ||||
| -rw-r--r-- | gcc/doc/invoke.texi | 9 |
4 files changed, 29 insertions, 2 deletions
diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in index 249995a..bcc9ebe 100644 --- a/gcc/config/arm/arm-cpus.in +++ b/gcc/config/arm/arm-cpus.in @@ -186,6 +186,9 @@ define feature quirk_armv6kz # Cortex-M3 LDRD quirk. define feature quirk_cm3_ldrd +# v8-m/v8.1-m VLLDM errata. +define feature quirk_vlldm + # Don't use .cpu assembly directive define feature quirk_no_asmcpu @@ -322,7 +325,7 @@ define implied vfp_base MVE MVE_FP ALL_FP # architectures. # xscale isn't really a 'quirk', but it isn't an architecture either and we # need to ignore it for matching purposes. -define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd xscale quirk_no_asmcpu +define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd quirk_vlldm xscale quirk_no_asmcpu define fgroup IGNORE_FOR_MULTILIB cdecp0 cdecp1 cdecp2 cdecp3 cdecp4 cdecp5 cdecp6 cdecp7 @@ -1571,6 +1574,7 @@ begin cpu cortex-m33 architecture armv8-m.main+dsp+fp option nofp remove ALL_FP option nodsp remove armv7em + isa quirk_vlldm costs v7m end cpu cortex-m33 @@ -1580,6 +1584,7 @@ begin cpu cortex-m35p architecture armv8-m.main+dsp+fp option nofp remove ALL_FP option nodsp remove armv7em + isa quirk_vlldm costs v7m end cpu cortex-m35p @@ -1591,7 +1596,7 @@ begin cpu cortex-m55 option nomve remove mve mve_float option nofp remove ALL_FP mve_float option nodsp remove MVE mve_float - isa quirk_no_asmcpu + isa quirk_no_asmcpu quirk_vlldm costs v7m vendor 41 end cpu cortex-m55 diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c index 11dafc7..5c92941 100644 --- a/gcc/config/arm/arm.c +++ b/gcc/config/arm/arm.c @@ -3616,6 +3616,15 @@ arm_option_override (void) fix_cm3_ldrd = 0; } + /* Enable fix_vlldm by default if required. */ + if (fix_vlldm == 2) + { + if (bitmap_bit_p (arm_active_target.isa, isa_bit_quirk_vlldm)) + fix_vlldm = 1; + else + fix_vlldm = 0; + } + /* Hot/Cold partitioning is not currently supported, since we can't handle literal pool placement in that case. */ if (flag_reorder_blocks_and_partition) diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt index 7417b55..a7677ee 100644 --- a/gcc/config/arm/arm.opt +++ b/gcc/config/arm/arm.opt @@ -268,6 +268,10 @@ Target Var(fix_cm3_ldrd) Init(2) Avoid overlapping destination and address registers on LDRD instructions that may trigger Cortex-M3 errata. +mfix-cmse-cve-2021-35465 +Target Var(fix_vlldm) Init(2) +Mitigate issues with VLLDM on some M-profile devices (CVE-2021-35465). + munaligned-access Target Var(unaligned_access) Init(2) Save Enable unaligned word and halfword accesses to packed data. diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index a9d56fe..b8f5d9e 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -808,6 +808,7 @@ Objective-C and Objective-C++ Dialects}. -mverbose-cost-dump @gol -mpure-code @gol -mcmse @gol +-mfix-cmse-cve-2021-35465 @gol -mfdpic} @emph{AVR Options} @@ -20743,6 +20744,14 @@ Generate secure code as per the "ARMv8-M Security Extensions: Requirements on Development Tools Engineering Specification", which can be found on @url{https://developer.arm.com/documentation/ecm0359818/latest/}. +@item -mfix-cmse-cve-2021-35465 +@opindex mfix-cmse-cve-2021-35465 +Mitigate against a potential security issue with the @code{VLLDM} instruction +in some M-profile devices when using CMSE (CVE-2021-365465). This option is +enabled by default when the option @option{-mcpu=} is used with +@code{cortex-m33}, @code{cortex-m35p} or @code{cortex-m55}. The option +@option{-mno-fix-cmse-cve-2021-35465} can be used to disable the mitigation. + @item -mfdpic @itemx -mno-fdpic @opindex mfdpic |