Lines Matching refs:to
5 | Title | Not saving x0 to x3 registers can leak information from one |
6 | | Normal World SMC client to another |
19 | | client to another |
26 When taking an exception to EL3, BL31 saves the CPU context. The aim is to
29 ``x0`` to ``x3`` are not part of the CPU context saved on the stack.
31 As per the `SMC Calling Convention`_, up to 4 values may be returned to the
32 caller in registers ``x0`` to ``x3``. In TF-A, these return values are written
36 Before returning to the caller, the ``restore_gp_registers()`` function is
38 CPU context stored on the stack. This includes registers ``x0`` to ``x3``, as
40 (referring to the version of the code as of `commit c385955`_):
55 request (or asynchronous exception to EL3) that used these return values.
58 some of the return values from one client to another. For example, if a victim
61 ``SDEI_EVENT_COMPLETE`` SMC) to get the 4 return values of the victim client.
63 In general, the responsibility for mitigating threats due to the presence of
65 software must trap SMC calls from EL1 software to ensure secure behaviour.
67 For this reason, TF-A does not save ``x0`` to ``x3`` in the CPU context on an
72 to assess the impact of this threat.
75 SMCs it would need to be aware of which return registers contain valid data, so
78 information is leaked through registers ``x0`` to ``x3``, by preserving the
82 ``SP_MIN`` already saves all general purpose registers - including ``r0`` to
84 line 19 (referring to the version of the code as of `commit c385955`_):
89 * Macro to save the General purpose registers (r0 - r12), the banked
90 * spsr, lr, sp registers and the `scr` register to the SMC context on entry
91 * due a SMC call. The `lr` of the current mode (monitor) is expected to be
92 * already saved. The `sp` must point to the `smc_ctx_t` to save to.