// Copyright 2021 The Fuchsia Authors
//
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file or at
// https://opensource.org/licenses/MIT
#ifndef ZIRCON_KERNEL_ARCH_X86_CODE_PATCHES_INCLUDE_ARCH_CODE_PATCHES_CASE_ID_H_
#define ZIRCON_KERNEL_ARCH_X86_CODE_PATCHES_INCLUDE_ARCH_CODE_PATCHES_CASE_ID_H_
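// Defines x86 code patching case IDs. IDs corresponding to the cases
// involving the wholesale patching of a specific function are expected to be
// defined as `CASE_ID_${NAME}`, where `${NAME}` is the upper-cased version of
// the function name. Leading underscores in the function name are kept, so
// e.g. `__unsanitized_memcpy` maps to `CASE_ID___UNSANITIZED_MEMCPY`.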
// Self-test case: verifies that code patching was performed before the kernel
// was booted. A trap sits among the kernel's earliest instructions and
// patching `nop`s it out, so per this description an image that was never
// patched would reach the trap right away rather than continue unpatched.
// NOTE(review): the trap instruction and its location are not visible in this
// header; confirm against the early boot code.
#define CASE_ID_SELF_TEST 0
// Addresses `swapgs` speculation attacks (CVE-2019-1125):
// https://software.intel.com/security-software-guidance/advisory-guidance/speculative-behavior-swapgs-and-segment-registers
// The mitigation follows `swapgs` instances with a load fence. The fence is
// the default, i.e. what the code contains before patching; applying this
// patch case is equivalent to `nop`-ing the fence out. Code that is never
// patched therefore keeps the mitigation.
// NOTE(review): the conditions under which the fence is removed are decided
// elsewhere, not in this header.
#define CASE_ID_SWAPGS_MITIGATION 1
// Addresses the MDS and TAA vulnerabilities:
//   CVE-2018-12126  Microarchitectural Store Buffer Data Sampling (MSBDS)
//   CVE-2018-12127  Microarchitectural Load Port Data Sampling (MLPDS)
//   CVE-2018-12130  Microarchitectural Fill Buffer Data Sampling (MFBDS)
//   CVE-2019-11091  Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
//   CVE-2019-11135  TSX Asynchronous Abort (TAA)
// https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
//
// The mitigation makes use of the MD_CLEAR feature, when available. The
// mitigation is the default, i.e. what the code contains before patching;
// applying this patch case is equivalent to `nop`-ing it out. Code that is
// never patched therefore keeps the mitigation.
// NOTE(review): how MD_CLEAR availability is detected, and what the
// unpatched code does on CPUs without it, is not visible in this header.
#define CASE_ID_MDS_TAA_MITIGATION 2
// Encodes a decision between implementations of
// `_x86_user_copy_to_or_from_user()`, chosen to take advantage of
// optimizations (e.g., when `movsb` is expected to be more efficient than
// `movsq`) and of security features (e.g., SMAP) when available.
// NOTE(review): by the `CASE_ID_${NAME}` convention this macro corresponds to
// a function named `_x86_copy_to_or_from_user`; the `user_` in the name
// written above does not match it. Confirm which spelling is correct.
// NOTE(review): which implementation is present before patching is not
// stated here.
//
// Note: the "__" is intentional as the function name has a leading underscore.
#define CASE_ID__X86_COPY_TO_OR_FROM_USER 3
// Addresses Branch Target Injection / Spectre Variant 2 attacks
// (CVE-2017-5715) by means of "retpolines":
// https://software.intel.com/security-software-guidance/advisory-guidance/branch-target-injection
// By the `CASE_ID_${NAME}` convention this ID covers wholesale patching of
// the function `__x86_indirect_thunk_r11`.
// NOTE(review): unlike the `swapgs` and MDS/TAA cases, this comment does not
// say which variant the code contains before patching; confirm that the
// unpatched default is the mitigated one.
//
// Note: the "___" is intentional as the function name has two leading
// underscores.
#define CASE_ID___X86_INDIRECT_THUNK_R11 4
// Relate to the optimizations available for C string utilities. This comment
// covers both IDs below; by the `CASE_ID_${NAME}` convention the patched
// functions are `__unsanitized_memcpy` and `__unsanitized_memset`.
// NOTE(review): which optimized variants exist, and how one is selected, is
// not visible in this header.
//
// Note: the "___" is intentional as the function names have two leading
// underscores.
#define CASE_ID___UNSANITIZED_MEMCPY 5
#define CASE_ID___UNSANITIZED_MEMSET 6
#endif // ZIRCON_KERNEL_ARCH_X86_CODE_PATCHES_INCLUDE_ARCH_CODE_PATCHES_CASE_ID_H_