public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed
* [gcc r12-3112] arm: Add command-line option for enabling CVE-2021-35465 mitigation [PR102035]
@ 2021-08-24 10:58 Richard Earnshaw
0 siblings, 0 replies; only message in thread
From: Richard Earnshaw @ 2021-08-24 10:58 UTC (permalink / raw)
To: gcc-cvs
https://gcc.gnu.org/g:3929bca9ca95de9d35e82ae8828b188029e3eb70
commit r12-3112-g3929bca9ca95de9d35e82ae8828b188029e3eb70
Author: Richard Earnshaw <rearnsha@arm.com>
Date: Fri Jun 11 16:02:05 2021 +0100
arm: Add command-line option for enabling CVE-2021-35465 mitigation [PR102035]
Add a new option, -mfix-cmse-cve-2021-35465 and document it. Enable it
automatically for cortex-m33, cortex-m35p and cortex-m55.
gcc:
PR target/102035
* config/arm/arm.opt (mfix-cmse-cve-2021-35465): New option.
* doc/invoke.texi (Arm Options): Document it.
* config/arm/arm-cpus.in (quirk_vlldm): New feature bit.
(ALL_QUIRKS): Add quirk_vlldm.
(cortex-m33): Add quirk_vlldm.
(cortex-m35p, cortex-m55): Likewise.
* config/arm/arm.c (arm_option_override): Enable fix_vlldm if
targetting an affected CPU and not explicitly controlled on
the command line.
Diff:
---
gcc/config/arm/arm-cpus.in | 9 +++++++--
gcc/config/arm/arm.c | 9 +++++++++
gcc/config/arm/arm.opt | 4 ++++
gcc/doc/invoke.texi | 9 +++++++++
4 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
index 249995a6bca..bcc9ebe9fe0 100644
--- a/gcc/config/arm/arm-cpus.in
+++ b/gcc/config/arm/arm-cpus.in
@@ -186,6 +186,9 @@ define feature quirk_armv6kz
# Cortex-M3 LDRD quirk.
define feature quirk_cm3_ldrd
+# v8-m/v8.1-m VLLDM errata.
+define feature quirk_vlldm
+
# Don't use .cpu assembly directive
define feature quirk_no_asmcpu
@@ -322,7 +325,7 @@ define implied vfp_base MVE MVE_FP ALL_FP
# architectures.
# xscale isn't really a 'quirk', but it isn't an architecture either and we
# need to ignore it for matching purposes.
-define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd xscale quirk_no_asmcpu
+define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd quirk_vlldm xscale quirk_no_asmcpu
define fgroup IGNORE_FOR_MULTILIB cdecp0 cdecp1 cdecp2 cdecp3 cdecp4 cdecp5 cdecp6 cdecp7
@@ -1571,6 +1574,7 @@ begin cpu cortex-m33
architecture armv8-m.main+dsp+fp
option nofp remove ALL_FP
option nodsp remove armv7em
+ isa quirk_vlldm
costs v7m
end cpu cortex-m33
@@ -1580,6 +1584,7 @@ begin cpu cortex-m35p
architecture armv8-m.main+dsp+fp
option nofp remove ALL_FP
option nodsp remove armv7em
+ isa quirk_vlldm
costs v7m
end cpu cortex-m35p
@@ -1591,7 +1596,7 @@ begin cpu cortex-m55
option nomve remove mve mve_float
option nofp remove ALL_FP mve_float
option nodsp remove MVE mve_float
- isa quirk_no_asmcpu
+ isa quirk_no_asmcpu quirk_vlldm
costs v7m
vendor 41
end cpu cortex-m55
diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
index 11dafc70067..5c929417f93 100644
--- a/gcc/config/arm/arm.c
+++ b/gcc/config/arm/arm.c
@@ -3616,6 +3616,15 @@ arm_option_override (void)
fix_cm3_ldrd = 0;
}
+ /* Enable fix_vlldm by default if required. */
+ if (fix_vlldm == 2)
+ {
+ if (bitmap_bit_p (arm_active_target.isa, isa_bit_quirk_vlldm))
+ fix_vlldm = 1;
+ else
+ fix_vlldm = 0;
+ }
+
/* Hot/Cold partitioning is not currently supported, since we can't
handle literal pool placement in that case. */
if (flag_reorder_blocks_and_partition)
diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt
index 7417b55122a..a7677eeb45c 100644
--- a/gcc/config/arm/arm.opt
+++ b/gcc/config/arm/arm.opt
@@ -268,6 +268,10 @@ Target Var(fix_cm3_ldrd) Init(2)
Avoid overlapping destination and address registers on LDRD instructions
that may trigger Cortex-M3 errata.
+mfix-cmse-cve-2021-35465
+Target Var(fix_vlldm) Init(2)
+Mitigate issues with VLLDM on some M-profile devices (CVE-2021-35465).
+
munaligned-access
Target Var(unaligned_access) Init(2) Save
Enable unaligned word and halfword accesses to packed data.
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index a9d56fecf4e..b8f5d9e1cce 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -808,6 +808,7 @@ Objective-C and Objective-C++ Dialects}.
-mverbose-cost-dump @gol
-mpure-code @gol
-mcmse @gol
+-mfix-cmse-cve-2021-35465 @gol
-mfdpic}
@emph{AVR Options}
@@ -20743,6 +20744,14 @@ Generate secure code as per the "ARMv8-M Security Extensions: Requirements on
Development Tools Engineering Specification", which can be found on
@url{https://developer.arm.com/documentation/ecm0359818/latest/}.
+@item -mfix-cmse-cve-2021-35465
+@opindex mfix-cmse-cve-2021-35465
+Mitigate against a potential security issue with the @code{VLLDM} instruction
+in some M-profile devices when using CMSE (CVE-2021-365465). This option is
+enabled by default when the option @option{-mcpu=} is used with
+@code{cortex-m33}, @code{cortex-m35p} or @code{cortex-m55}. The option
+@option{-mno-fix-cmse-cve-2021-35465} can be used to disable the mitigation.
+
@item -mfdpic
@itemx -mno-fdpic
@opindex mfdpic
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-08-24 10:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-24 10:58 [gcc r12-3112] arm: Add command-line option for enabling CVE-2021-35465 mitigation [PR102035] Richard Earnshaw
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).