Created attachment 12223
Description of the CPU vulnerability

aarch64 CPUs speculate past the SVC instruction, creating Spectre-like effects. The equivalent behavior of the ERET instruction was already fixed in Linux, FreeBSD, OpenBSD and Optee OS:

https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8
https://github.com/freebsd/freebsd/commit/29fb48ace4186a41c409fde52bcf4216e9e50b61
https://github.com/openbsd/src/commit/3a08873ece1cb28ace89fd65e8f3c1375cc98de2
https://github.com/OP-TEE/optee_os/commit/abfd092aa19f9c0251e3d5551e2d68a9ebcfec8a

The full report of the vulnerability is in the attachment. The mitigation requires just appending a DSB NSH, ISB sequence after the SVC instruction. That should not bring an additional performance penalty, because the change of exception levels is serializing anyway.
Created attachment 12224
Patch
I waited for some time on the libc-alpha thread, but there does not seem to be an explanation of what we should mitigate. The proposed fix does not solve the problem described, has significant performance impact, and there seems to be no privilege escalation or information leak that glibc might care about. Please open a new bug with relevant information if there is something to be done.
Is this related to CVE-2020-13844?
Yes, it is.

On Tue, Jun 16, 2020 at 9:15 AM fweimer at redhat dot com <sourceware-bugzilla@sourceware.org> wrote:
> https://sourceware.org/bugzilla/show_bug.cgi?id=25436
>
> --- Comment #3 from Florian Weimer <fweimer at redhat dot com> ---
> Is this related to CVE-2020-13844?