Arm Posts New GCC Compiler Patches Due To New Vulnerability Affecting ARMv8-M TrustZone

Made public on Monday was CVE-2021-35465 as a new security vulnerability affecting various Arm products. For unmitigated (ARMv8-M) hardware, Arm has posted a series of GCC compiler patches for working around the issue.

CVE-2021-35465 is this new Arm processor vulnerability affecting a subset of their designs -- particularly ARMv8-M and ARMv8.1-M products for micro-controllers and other embedded use-cases for TrustZone and more. Per the CVE-2021-35465 disclosure:

Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).

Arm's VLLDM instruction is for the floating-point lazy load multiple restores of the contents of secure floating-point registers protected by VLSTM. Arm's security update for this vulnerability goes on to explain:

On an Arm Cortex-M-based system, when the floating-point unit (FPU) or M-Profile vector extension (MVE) also known as Helium, is implemented, the processor contains thirty-two 32-bit ‘S’ registers, a floating-point status, a control register (FPSCR), and a vector predication register (VPR, only present with MVE). If the Security Extension (TrustZone) is implemented, Secure software can optionally utilize the FPU or MVE features, in this case these registers might contain Secure information.

To reduce the software overhead of saving and restoring Secure context when calling a Non-secure function from the Secure world and prevent the inadvertent creation of a floating-point context, the Armv8-M architecture supports a pair of instructions called VLSTM and VLLDM. These instructions allow the Secure information to be saved and restored automatically only if the Non-secure function being called and also utilized by FPU or Helium feature. The insertion of VLSTM and VLLDM is normally handled by C/C++ compilers.

Recently a vulnerability issue is found in the implementation of VLLDM instruction in the Arm Cortex-M33, Cortex-M35P, Cortex-M55, and Arm China STAR-MC1(STAR SE configuration) processors. If the VLLDM instruction is abandoned due to an exception (for example an interrupt) when it is partially completed, it is possible for subsequent Non-secure handler (which may be a tail chained handler from the original exception) to access and modify the partial restored register values.

Arm has now published a set of GCC patches following their recommended software-based mitigations for this design erratum. The mitigation is enabled on ARM with the -mfix-cmse-cve-2021-35465 compiler option and will be enabled automatically for Cortex M33 / M35P / M55 targets.

The patch series is essentially in two parts. The first two patches are really clean-ups that first address a problem with the RTL in the machine description for VLLDM and VLSTM instructions and then improve the reliability of testing for the availability of CMSE when running the test suite. The remaining patches then implement the mitigation itself and add some additional tests to the testsuite.

This ARMv8-M vulnerability mitigation is also to be back-ported to the current stable GCC 11 and GCC 10 series as well. Patches to the other common ARM compilers are also expected, namely LLVM.