xref: /rk3399_ARM-atf/docs/security_advisories/security-advisory-tfv-3.rst (revision ced1711297347f24fee45e75e73c7767507a0982)
Advisory TFV-3 (CVE-2017-7563)
==============================

+----------------+-------------------------------------------------------------+
| Title          | RO memory is always executable at AArch64 Secure EL1        |
+================+=============================================================+
| CVE ID         | `CVE-2017-7563`_                                            |
+----------------+-------------------------------------------------------------+
| Date           | 06 Apr 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | v1.3 (since `Pull Request #662`_)                           |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | AArch64 BL2, TSP or other users of xlat_tables library      |
| Affected       | executing at AArch64 Secure EL1                             |
+----------------+-------------------------------------------------------------+
| Impact         | Unexpected Privilege Escalation                             |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Pull Request #924`_                                        |
+----------------+-------------------------------------------------------------+
| Credit         | ARM                                                         |
+----------------+-------------------------------------------------------------+

The translation table library in ARM Trusted Firmware (TF) (under
``lib/xlat_tables`` and ``lib/xlat_tables_v2``) provides APIs to help program
translation tables in the MMU. The ``xlat_tables`` client specifies its required
memory mappings in the form of ``mmap_region`` structures.  Each ``mmap_region``
has memory attributes represented by the ``mmap_attr_t`` enumeration type. This
contains flags to control data access permissions (``MT_RO``/``MT_RW``) and
instruction execution permissions (``MT_EXECUTE``/``MT_EXECUTE_NEVER``). Thus a
mapping specifying both ``MT_RO`` and ``MT_EXECUTE_NEVER`` should result in a
Read-Only (RO), non-executable memory region.

This feature does not work correctly for AArch64 images executing at Secure EL1.
Any memory region mapped as RO will always be executable, regardless of whether
the client specified ``MT_EXECUTE`` or ``MT_EXECUTE_NEVER``.

The vulnerability is known to affect the BL2 and Test Secure Payload (TSP)
images on platforms that enable the ``SEPARATE_CODE_AND_RODATA`` build option,
which includes all ARM standard platforms, and the upstream Xilinx and NVIDIA
platforms. The RO data section for these images on these platforms is
unexpectedly executable instead of non-executable. Other platforms or
``xlat_tables`` clients may also be affected.

The vulnerability primarily manifests itself after `Pull Request #662`_.  Before
that, ``xlat_tables`` clients could not specify instruction execution
permissions separately from data access permissions. All RO normal memory regions
were implicitly executable. Before `Pull Request #662`_, the vulnerability
would only manifest itself for device memory mapped as RO; use of this mapping
is considered rare, although the upstream QEMU platform uses this mapping when
the ``DEVICE2_BASE`` build option is used.

Note that one or more separate vulnerabilities are also required to exploit this
vulnerability.

The vulnerability is due to incorrect handling of the execute-never bits in the
translation tables. The EL3 translation regime uses a single ``XN`` bit to
determine whether a region is executable. The Secure EL1&0 translation regime
handles 2 Virtual Address (VA) ranges and so uses 2 bits, ``UXN`` and ``PXN``.
The ``xlat_tables`` library only handles the ``XN`` bit, which maps to ``UXN``
in the Secure EL1&0 regime. As a result, this programs the Secure EL0 execution
permissions but always leaves the memory as executable at Secure EL1.

The vulnerability is mitigated by the following factors:

- The ``xlat_tables`` library ensures that all Read-Write (RW) memory regions are
  non-executable by setting the ``SCTLR_ELx.WXN`` bit. This overrides any value
  of the ``XN``, ``UXN`` or ``PXN`` bits in the translation tables. See the
  ``enable_mmu()`` function:

  ::

      sctlr = read_sctlr_el##_el();               \
      sctlr |= SCTLR_WXN_BIT | SCTLR_M_BIT;       \

- AArch32 configurations are unaffected. Here the ``XN`` bit controls execution
  privileges of the currently executing translation regime, which is the desired
  behaviour.

- ARM TF EL3 code (for example BL1 and BL31) ensures that all non-secure memory
  mapped into the secure world is non-executable by setting the ``SCR_EL3.SIF``
  bit. See the ``el3_arch_init_common`` macro in ``el3_common_macros.S``.

.. _CVE-2017-7563: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7563
.. _Pull Request #662: https://github.com/ARM-software/arm-trusted-firmware/pull/662
.. _Pull Request #924: https://github.com/ARM-software/arm-trusted-firmware/pull/924

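As an added illustration (not code from the TF-A ``xlat_tables`` library), the following C model shows why programming only descriptor bit 54 leaves an RO region executable at Secure EL1 while correctly blocking Secure EL0, and how the ``WXN`` mitigation still covers RW regions. The bit positions are the architectural VMSAv8-64 stage 1 ones; the ``MT_*`` values, the function names and the ``el`` regime parameter are assumptions of this example, and the "corrected" mapping is illustrative rather than the change made in Pull Request #924.

```c
#include <stdint.h>
#include <stdbool.h>

/* Stage 1 descriptor execute-never bits (architectural positions): the EL3
 * regime has a single XN bit, the EL1&0 regime splits execute-never into
 * UXN (EL0) and PXN (EL1). Bit 54 is XN in one regime and UXN in the other. */
#define XN_BIT   (1ULL << 54)
#define UXN_BIT  (1ULL << 54)
#define PXN_BIT  (1ULL << 53)

/* Simplified mmap attribute flags mirroring the MT_* names in the advisory
 * (hypothetical values chosen for this example). */
#define MT_RO             0U
#define MT_RW             (1U << 0)
#define MT_EXECUTE        0U
#define MT_EXECUTE_NEVER  (1U << 1)

/* Vulnerable mapping: only bit 54 is ever programmed, whatever regime the
 * tables belong to, so for EL1&0 this sets UXN and leaves PXN clear. */
uint64_t xn_bits_vulnerable(unsigned attr, unsigned regime_el)
{
    (void)regime_el;
    return (attr & MT_EXECUTE_NEVER) ? XN_BIT : 0;
}

/* Corrected mapping (illustrative, not the upstream fix): for tables used by
 * the EL1&0 regime, set PXN as well as UXN so EL1 also honours execute-never. */
uint64_t xn_bits_corrected(unsigned attr, unsigned regime_el)
{
    if (!(attr & MT_EXECUTE_NEVER))
        return 0;
    return (regime_el == 3) ? XN_BIT : (UXN_BIT | PXN_BIT);
}

/* How the MMU interprets the descriptor for an instruction fetch from `el`.
 * `wxn` models SCTLR_ELx.WXN, which forces writable regions non-executable
 * regardless of the XN/UXN/PXN bits in the descriptor. */
bool executable_at(uint64_t desc, unsigned attr, unsigned el, bool wxn)
{
    if (wxn && (attr & MT_RW))
        return false;                        /* WXN mitigation: RW never executes */
    switch (el) {
    case 3:  return !(desc & XN_BIT);        /* EL3 regime: single XN bit */
    case 1:  return !(desc & PXN_BIT);       /* EL1&0 regime, privileged fetch */
    case 0:  return !(desc & UXN_BIT);       /* EL1&0 regime, unprivileged fetch */
    default: return false;
    }
}
```

With the vulnerable mapping, an ``MT_RO | MT_EXECUTE_NEVER`` region for the EL1&0 regime is non-executable at EL0 but executable at EL1, which is exactly the RO data section case described above.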