Lines Matching refs:the
26 When taking an exception to EL3, BL31 saves the CPU context. The aim is to
27 restore it before returning into the lower exception level software that called
28 into the firmware. However, for an SMC exception, the general purpose registers
29 ``x0`` to ``x3`` are not part of the CPU context saved on the stack.
31 As per the `SMC Calling Convention`_, up to 4 values may be returned to the
33 into the CPU context, typically using one of the ``SMC_RETx()`` macros provided
34 in the ``include/lib/aarch64/smccc_helpers.h`` header file.
36 Before returning to the caller, the ``restore_gp_registers()`` function is
37 called. It restores the values of all general purpose registers taken from the
38 CPU context stored on the stack. This includes registers ``x0`` to ``x3``, as
39 can be seen in the ``lib/el3_runtime/aarch64/context.S`` file at line 339
40 (referring to the version of the code as of `commit c385955`_):
45 * This function restores all general purpose registers except x30 from the
46 * CPU context. x30 register must be explicitly restored by the caller.
52 In the case of an SMC handler that does not use all 4 return values, the
53 remaining ones are left unchanged in the CPU context. As a result,
54 ``restore_gp_registers()`` restores the stale values saved by a previous SMC
57 In the presence of multiple normal world SMC clients, this behaviour might leak
58 some of the return values from one client to another. For example, if a victim
61 ``SDEI_EVENT_COMPLETE`` SMC) to get the 4 return values of the victim client.
63 In general, the responsibility for mitigating threats due to the presence of
67 For this reason, TF-A does not save ``x0`` to ``x3`` in the CPU context on an
68 SMC synchronous exception. It has behaved this way since the first version.
72 to assess the impact of this threat.
76 it can sanitise any unused return registers. On the other hand, mitigating this
78 information is leaked through registers ``x0`` to ``x3``, by preserving the
79 register state over the call.
83 ``r3``, as can be seen in the ``include/lib/aarch32/smccc_macros.S`` file at
84 line 19 (referring to the version of the code as of `commit c385955`_):
89 * Macro to save the General purpose registers (r0 - r12), the banked
90 * spsr, lr, sp registers and the `scr` register to the SMC context on entry
91 * due to an SMC call. The `lr` of the current mode (monitor) is expected to be
92 * already saved. The `sp` must point to the `smc_ctx_t` to save to.
93 * Additionally, also save the 'pmcr' register as this is updated whilst
94 * executing in the secure world.
97 /* Save r0 - r12 in the SMC context */