Advisory TFV-3 (CVE-2017-7563)
==============================

+----------------+-------------------------------------------------------------+
| Title          | RO memory is always executable at AArch64 Secure EL1        |
+================+=============================================================+
| CVE ID         | `CVE-2017-7563`_                                            |
+----------------+-------------------------------------------------------------+
| Date           | 06 Apr 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | v1.3 (since `Pull Request #662`_)                           |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | AArch64 BL2, TSP or other users of xlat_tables library      |
| Affected       | executing at AArch64 Secure EL1                             |
+----------------+-------------------------------------------------------------+
| Impact         | Unexpected Privilege Escalation                             |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Pull Request #924`_                                        |
+----------------+-------------------------------------------------------------+
| Credit         | ARM                                                         |
+----------------+-------------------------------------------------------------+

The translation table library in ARM Trusted Firmware (TF) (under
``lib/xlat_tables`` and ``lib/xlat_tables_v2``) provides APIs to help program
translation tables in the MMU. The xlat\_tables client specifies its required
memory mappings in the form of ``mmap_region`` structures. Each ``mmap_region``
has memory attributes represented by the ``mmap_attr_t`` enumeration type. This
contains flags to control data access permissions (``MT_RO``/``MT_RW``) and
instruction execution permissions (``MT_EXECUTE``/``MT_EXECUTE_NEVER``). Thus a
mapping specifying both ``MT_RO`` and ``MT_EXECUTE_NEVER`` should result in a
Read-Only (RO), non-executable memory region.

This feature does not work correctly for AArch64 images executing at Secure EL1.
Any memory region mapped as RO will always be executable, regardless of whether
the client specified ``MT_EXECUTE`` or ``MT_EXECUTE_NEVER``.

The vulnerability is known to affect the BL2 and Test Secure Payload (TSP)
images on platforms that enable the ``SEPARATE_CODE_AND_RODATA`` build option,
which includes all ARM standard platforms, and the upstream Xilinx and NVidia
platforms. The RO data section for these images on these platforms is
unexpectedly executable instead of non-executable. Other platforms or
``xlat_tables`` clients may also be affected.

The vulnerability primarily manifests itself after `Pull Request #662`_. Before
that, ``xlat_tables`` clients could not specify instruction execution
permissions separately from data access permissions. All RO normal memory regions
were implicitly executable. Before `Pull Request #662`_, the vulnerability
would only manifest itself for device memory mapped as RO; use of this mapping
is considered rare, although the upstream QEMU platform uses this mapping when
the ``DEVICE2_BASE`` build option is used.

Note that one or more separate vulnerabilities are also required to exploit this
vulnerability.

The vulnerability is due to incorrect handling of the execute-never bits in the
translation tables. The EL3 translation regime uses a single ``XN`` bit to
determine whether a region is executable. The Secure EL1&0 translation regime
handles 2 Virtual Address (VA) ranges and so uses 2 bits, ``UXN`` and ``PXN``.
The ``xlat_tables`` library only handles the ``XN`` bit, which maps to ``UXN``
in the Secure EL1&0 regime. As a result, this programs the Secure EL0 execution
permissions but always leaves the memory as executable at Secure EL1.

The vulnerability is mitigated by the following factors:

- The xlat\_tables library ensures that all Read-Write (RW) memory regions are
  non-executable by setting the ``SCTLR_ELx.WXN`` bit. This overrides any value
  of the ``XN``, ``UXN`` or ``PXN`` bits in the translation tables. See the
  ``enable_mmu()`` function:

  ::

      sctlr = read_sctlr_el##_el();                                   \
      sctlr |= SCTLR_WXN_BIT | SCTLR_M_BIT;                           \

- AArch32 configurations are unaffected. Here the ``XN`` bit controls execution
  privileges of the currently executing translation regime, which is the desired
  behaviour.

- ARM TF EL3 code (for example BL1 and BL31) ensures that all non-secure memory
  mapped into the secure world is non-executable by setting the ``SCR_EL3.SIF``
  bit. See the ``el3_arch_init_common`` macro in ``el3_common_macros.S``.

.. _CVE-2017-7563: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7563
.. _Pull Request #662: https://github.com/ARM-software/arm-trusted-firmware/pull/662
.. _Pull Request #924: https://github.com/ARM-software/arm-trusted-firmware/pull/924
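The regime-dependent execute-never handling described in this advisory, as an
added illustration that is not part of the advisory or of the ARM TF code base.
It models the stage-1 block/page descriptor bits of the EL3 and Secure EL1&0
translation regimes (bit 54 is ``XN`` at EL3 and ``UXN`` at EL1&0, bit 53 is
RES0 at EL3 and ``PXN`` at EL1&0, ``AP[2]`` at bit 7 marks read-only), places
the old single-bit behaviour beside the corrected one, and includes the
``SCTLR_ELx.WXN`` mitigation. All function and flag names here
(``desc_vulnerable``, ``desc_fixed``, ``executable_privileged``,
``executable_el0``, ``ATTR_*``) are constructed for the example and are not
``xlat_tables`` APIs; the ``ATTR_*`` flags merely mirror the ``MT_*`` flags.

```c
/*
 * Added example (not ARM TF code): model of how the AArch64 stage-1
 * execute-never bits differ between the EL3 and Secure EL1&0 translation
 * regimes, and why programming only the XN/UXN bit leaves RO memory
 * executable at EL1. Bit positions follow the VMSAv8-64 descriptor format;
 * every helper and attribute name below is constructed for this example.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Upper attributes of a stage-1 block/page descriptor. */
#define DESC_XN_BIT  (1ULL << 54) /* "XN" in the EL3 regime, "UXN" in EL1&0 */
#define DESC_PXN_BIT (1ULL << 53) /* RES0 in the EL3 regime, "PXN" in EL1&0 */
/* Lower attributes: AP[2] (bit 7) set means read-only. Simplified model: AP[1] ignored. */
#define DESC_AP_RO_BIT (1ULL << 7)

/* Client-visible mapping flags, mirroring MT_RO/MT_RW and MT_EXECUTE/MT_EXECUTE_NEVER. */
#define ATTR_RW            0u
#define ATTR_RO            1u
#define ATTR_EXECUTE       0u
#define ATTR_EXECUTE_NEVER 2u

enum regime { REGIME_EL3, REGIME_EL1_0 };

/* Old behaviour: one execute-never bit is programmed, whatever the regime. */
uint64_t desc_vulnerable(unsigned attr)
{
    uint64_t d = 0;
    if (attr & ATTR_RO)            d |= DESC_AP_RO_BIT;
    if (attr & ATTR_EXECUTE_NEVER) d |= DESC_XN_BIT;
    return d;
}

/* Corrected behaviour: in the EL1&0 regime execute-never needs both UXN and PXN. */
uint64_t desc_fixed(unsigned attr, enum regime r)
{
    uint64_t d = 0;
    if (attr & ATTR_RO) d |= DESC_AP_RO_BIT;
    if (attr & ATTR_EXECUTE_NEVER) {
        d |= DESC_XN_BIT;
        if (r == REGIME_EL1_0)
            d |= DESC_PXN_BIT;
    }
    return d;
}

/*
 * Can the privileged level of the regime (EL3, or EL1 in the EL1&0 regime)
 * fetch instructions from this mapping? Models the SCTLR_ELx.WXN mitigation:
 * with WXN=1, writable memory is execute-never regardless of the descriptor.
 */
bool executable_privileged(uint64_t d, enum regime r, bool wxn)
{
    bool writable = (d & DESC_AP_RO_BIT) == 0;
    if (wxn && writable)
        return false;
    if (r == REGIME_EL3)
        return (d & DESC_XN_BIT) == 0;  /* single XN bit */
    return (d & DESC_PXN_BIT) == 0;     /* PXN governs EL1 */
}

/* Same question for Secure EL0 in the EL1&0 regime, where UXN governs. */
bool executable_el0(uint64_t d, bool wxn)
{
    bool writable = (d & DESC_AP_RO_BIT) == 0;
    if (wxn && writable)
        return false;
    return (d & DESC_XN_BIT) == 0;
}

int main(void)
{
    unsigned rodata = ATTR_RO | ATTR_EXECUTE_NEVER; /* e.g. an image's RO data section */
    uint64_t old = desc_vulnerable(rodata);
    uint64_t fixed = desc_fixed(rodata, REGIME_EL1_0);

    printf("RO+XN, Secure EL1, old library:   executable=%d (EL0: %d)\n",
           executable_privileged(old, REGIME_EL1_0, true), executable_el0(old, true));
    printf("RO+XN, Secure EL1, fixed library: executable=%d\n",
           executable_privileged(fixed, REGIME_EL1_0, true));
    printf("RO+XN, EL3, old library:          executable=%d\n",
           executable_privileged(old, REGIME_EL3, true));
    printf("RW+EXECUTE, Secure EL1, WXN=1:    executable=%d\n",
           executable_privileged(desc_vulnerable(ATTR_RW | ATTR_EXECUTE), REGIME_EL1_0, true));
    return 0;
}
```

Compiled with any C99 compiler, the program shows the three facts the advisory
states: the RO, execute-never descriptor built the old way is non-executable at
Secure EL0 yet executable at Secure EL1, the same descriptor is correctly
non-executable in the EL3 regime, and an RW mapping is never executable once
``WXN`` is set, independent of its descriptor bits.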