+----------------+-------------------------------------------------------------+
| Title          | RO memory is always executable at AArch64 Secure EL1        |
+================+=============================================================+
| CVE ID         | `CVE-2017-7563`_                                            |
+----------------+-------------------------------------------------------------+
| Date           | 06 Apr 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | v1.3 (since `Pull Request #662`_)                           |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | AArch64 BL2, TSP or other users of xlat_tables library      |
| Affected       | executing at AArch64 Secure EL1                             |
+----------------+-------------------------------------------------------------+
| Impact         | Unexpected Privilege Escalation                             |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Pull Request #924`_                                        |
+----------------+-------------------------------------------------------------+
| Credit         | ARM                                                         |
+----------------+-------------------------------------------------------------+

The translation table library in ARM Trusted Firmware (TF) (under
``lib/xlat_tables`` and ``lib/xlat_tables_v2``) provides APIs to help program
translation tables in the MMU. The ``xlat_tables`` client specifies its required
memory mappings in the form of ``mmap_region`` structures. Each ``mmap_region``
has memory attributes represented by the ``mmap_attr_t`` enumeration type. This
contains flags to control data access permissions (``MT_RO``/``MT_RW``) and
instruction execution permissions (``MT_EXECUTE``/``MT_EXECUTE_NEVER``). Thus a
mapping specifying both ``MT_RO`` and ``MT_EXECUTE_NEVER`` should result in a
Read-Only (RO), non-executable memory region.

This feature does not work correctly for AArch64 images executing at Secure EL1.
Any memory region mapped as RO will always be executable, regardless of whether
the client specified ``MT_EXECUTE`` or ``MT_EXECUTE_NEVER``.

The vulnerability is known to affect the BL2 and Test Secure Payload (TSP)
images on platforms that enable the ``SEPARATE_CODE_AND_RODATA`` build option,
which includes all ARM standard platforms, and the upstream Xilinx and NVidia
platforms. The RO data section for these images on these platforms is
unexpectedly executable instead of non-executable. Other platforms or
``xlat_tables`` clients may also be affected.

The vulnerability primarily manifests itself after `Pull Request #662`_. Before
that, ``xlat_tables`` clients could not specify instruction execution
permissions separately from data access permissions: all RO normal memory
regions were implicitly executable. Before `Pull Request #662`_, the
vulnerability would only manifest itself for device memory mapped as RO; use of
this mapping is considered rare, although the upstream QEMU platform uses this
mapping when the ``DEVICE2_BASE`` build option is used.

Note that one or more separate vulnerabilities are also required to exploit this
vulnerability.

The vulnerability is due to incorrect handling of the execute-never bits in the
translation tables. The EL3 translation regime uses a single ``XN`` bit to
determine whether a region is executable. The Secure EL1&0 translation regime
handles 2 Virtual Address (VA) ranges and so uses 2 bits, ``UXN`` and ``PXN``.
The ``xlat_tables`` library only handles the ``XN`` bit, which maps to ``UXN``
in the Secure EL1&0 regime. As a result, this programs the Secure EL0 execution
permissions but always leaves the memory as executable at Secure EL1.

The vulnerability is mitigated by the following factors:

- The ``xlat_tables`` library ensures that all Read-Write (RW) memory regions are
  non-executable by setting the ``SCTLR_ELx.WXN`` bit. This overrides any value
  of the ``XN``, ``UXN`` or ``PXN`` bits in the translation tables. See the
  ``enable_mmu()`` function:

  .. code:: c

      sctlr = read_sctlr_el##_el();               \
      sctlr |= SCTLR_WXN_BIT | SCTLR_M_BIT;       \

- AArch32 configurations are unaffected. Here the ``XN`` bit controls execution
  privileges of the currently executing translation regime, which is the desired
  behaviour.

- ARM TF EL3 code (for example BL1 and BL31) ensures that all non-secure memory
  mapped into the secure world is non-executable by setting the ``SCR_EL3.SIF``
  bit. See the ``el3_arch_init_common`` macro in ``el3_common_macros.S``.

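The root cause described above and the ``SCTLR_ELx.WXN`` mitigation, as an added
worked example. This is a model constructed for this advisory, not code from the
``xlat_tables`` library: it keeps only the permission-relevant stage-1 descriptor
bits (AP[2], PXN at bit 53 and UXN/XN at bit 54, which follow the Armv8-A layout),
builds them the vulnerable way (one bit 54 for every regime) and the fixed way
(UXN and PXN together for the EL1&0 regime), and then asks what an instruction
fetch at Secure EL1, Secure EL0 or EL3 would see. The ``MT_*`` values, the
``regime`` enum and every function name here are assumptions of the example, not
the library's identifiers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of the relevant Armv8-A stage-1 descriptor bits.
 * Bit positions follow the architecture; the names are this example's own.
 */
#define DESC_AP2_RO (UINT64_C(1) << 7)  /* AP[2] = 1: read-only at every level */
#define DESC_PXN    (UINT64_C(1) << 53) /* EL1&0 regime: privileged execute-never */
#define DESC_UXN    (UINT64_C(1) << 54) /* EL1&0: unprivileged XN; EL3 regime: its single XN bit */

/* Request flags shaped like the advisory's mmap_attr_t (values are assumptions). */
#define MT_RO            0u
#define MT_RW            (1u << 0)
#define MT_EXECUTE       0u
#define MT_EXECUTE_NEVER (1u << 1)

enum regime { REGIME_EL3, REGIME_EL1_EL0 };

/* Vulnerable behaviour: one "XN" bit (bit 54) used for every regime. */
static uint64_t xn_bits_vulnerable(enum regime r)
{
    (void)r;
    return DESC_UXN;
}

/* Fixed behaviour: the EL1&0 regime needs UXN and PXN; EL3 needs only XN. */
static uint64_t xn_bits_fixed(enum regime r)
{
    return (r == REGIME_EL1_EL0) ? (DESC_UXN | DESC_PXN) : DESC_UXN;
}

/* Turn an MT_* request into the permission-relevant descriptor bits. */
uint64_t build_desc(unsigned attr, enum regime r, bool fixed)
{
    uint64_t desc = 0;
    if ((attr & MT_RW) == 0)
        desc |= DESC_AP2_RO;
    if ((attr & MT_EXECUTE_NEVER) != 0)
        desc |= fixed ? xn_bits_fixed(r) : xn_bits_vulnerable(r);
    return desc;
}

/*
 * Would a fetch succeed at the privileged level that owns the tables
 * (EL3, or Secure EL1 for the EL1&0 regime)?  SCTLR_ELx.WXN makes every
 * writable region execute-never regardless of the table bits.
 */
bool executable_at_owner_el(uint64_t desc, enum regime r, bool wxn)
{
    bool writable = (desc & DESC_AP2_RO) == 0;
    if (wxn && writable)
        return false;
    if (r == REGIME_EL3)
        return (desc & DESC_UXN) == 0;   /* single XN bit */
    return (desc & DESC_PXN) == 0;       /* EL1 honours PXN only; UXN is irrelevant here */
}

/* Same question for Secure EL0 under the EL1&0 regime (EL0 data access via AP[1] is not modelled). */
bool executable_at_el0(uint64_t desc, bool wxn)
{
    bool writable = (desc & DESC_AP2_RO) == 0;
    if (wxn && writable)
        return false;
    return (desc & DESC_UXN) == 0;
}

/* The advisory's case: a RO data section mapped MT_RO | MT_EXECUTE_NEVER by an image at Secure EL1. */
bool rodata_executable_at_sel1(bool fixed)
{
    uint64_t desc = build_desc(MT_RO | MT_EXECUTE_NEVER, REGIME_EL1_EL0, fixed);
    return executable_at_owner_el(desc, REGIME_EL1_EL0, true);
}

int main(void)
{
    static const struct { const char *name; unsigned attr; } cases[] = {
        { "RO + EXECUTE_NEVER", MT_RO | MT_EXECUTE_NEVER },
        { "RW + EXECUTE_NEVER", MT_RW | MT_EXECUTE_NEVER },
        { "RO + EXECUTE",       MT_RO | MT_EXECUTE },
    };
    printf("%-22s %-10s %-10s %-10s\n", "mapping (S-EL1 image)", "EL1 vuln", "EL1 fixed", "EL0 vuln");
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint64_t v = build_desc(cases[i].attr, REGIME_EL1_EL0, false);
        uint64_t f = build_desc(cases[i].attr, REGIME_EL1_EL0, true);
        printf("%-22s %-10s %-10s %-10s\n", cases[i].name,
               executable_at_owner_el(v, REGIME_EL1_EL0, true) ? "exec" : "no-exec",
               executable_at_owner_el(f, REGIME_EL1_EL0, true) ? "exec" : "no-exec",
               executable_at_el0(v, true) ? "exec" : "no-exec");
    }
    return 0;
}
```

The table the program prints makes the advisory's three points visible side by
side: with the vulnerable bits a ``MT_RO | MT_EXECUTE_NEVER`` region is still
executable at Secure EL1 while Secure EL0 is correctly denied; the fixed bits deny
both; and a RW region is non-executable only because ``WXN`` overrides the table,
which is why the exposure is limited to RO mappings.
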
.. _CVE-2017-7563: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7563
.. _Pull Request #662: https://github.com/ARM-software/arm-trusted-firmware/pull/662
.. _Pull Request #924: https://github.com/ARM-software/arm-trusted-firmware/pull/924