zircon/system/ulib/zircon/zircon-syscall-arm64.S - fuchsia - Git at Google

 // Copyright 2017 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include <lib/syscalls/arm64.h>

 .macro zircon_syscall num, name, caller
     mov x16, #\num
     svc #0x0
 // This symbol at the return address identifies this as an approved call site.
     .hidden CODE_SYSRET_\name\()_VIA_\caller
 CODE_SYSRET_\name\()_VIA_\caller\():
     // Speculation: Certain arm64 processors speculate past an SVC instruction, continuing to
     // execute code after it with the pre-SVC register state. Add a barrier sequence after SVC to
     // prevent further speculative execution after the SVC at EL0.
     //
     // We want to prevent EL0 from speculatively executing instructions that follow the SVC because
     // speculatively executing instructions after the SVC with pre-SVC register state could allow
     // an attacker, either in-process or remote, to leak information from this EL0 process. Because
     // the syscall wrapper and SVC implementation are part of the vDSO provided by Fuchsia, the EL0
     // program would have difficulty protecting itself via other (ex: toolchain) mitigations.
     //
     // https://sourceware.org/bugzilla/attachment.cgi?id=12223 for the bug report/details.
     //
     // The barrier is skipped on return, by advancing $PC by 12. It only needs to constrain
     // speculative, not real executions.
 0:  dsb nsh
     isb
     // Add a BRK to the barrier, to 'assert' that its skipped. If this BRK is hit, the 'assert' will
     // trip, visibly, indicating a kernel/vDSO mismatch/error.
     brk 0
 1:
 .ifne 1b - 0b - ARM64_SYSCALL_SPECULATION_BARRIER_SIZE
 .error "code size of speculation barrier is not ARM64_SYSCALL_SPECULATION_BARRIER_SIZE"
 .endif
 .endm

 // CFI aware push and pop macros.
 // SP must always be aligned to 16, so never push just one register.
 .macro push_regpair reg0, reg1
     stp \reg0, \reg1, [sp, #-16]!
     .cfi_adjust_cfa_offset 16
     .cfi_rel_offset \reg0, 0
     .cfi_rel_offset \reg1, 8
 .endm
 .macro pop_regpair reg0, reg1
     ldp \reg0, \reg1, [sp], #16
     .cfi_adjust_cfa_offset -16
     .cfi_same_value \reg0
     .cfi_same_value \reg1
 .endm
	// Copyright 2017 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include <lib/syscalls/arm64.h>

	.macro zircon_syscall num, name, caller
	mov x16, #\num
	svc #0x0
	// This symbol at the return address identifies this as an approved call site.
	.hidden CODE_SYSRET_\name\()_VIA_\caller
	CODE_SYSRET_\name\()_VIA_\caller\():
	// Speculation: Certain arm64 processors speculate past an SVC instruction, continuing to
	// execute code after it with the pre-SVC register state. Add a barrier sequence after SVC to
	// prevent further speculative execution after the SVC at EL0.
	//
	// We want to prevent EL0 from speculatively executing instructions that follow the SVC because
	// speculatively executing instructions after the SVC with pre-SVC register state could allow
	// an attacker, either in-process or remote, to leak information from this EL0 process. Because
	// the syscall wrapper and SVC implementation are part of the vDSO provided by Fuchsia, the EL0
	// program would have difficulty protecting itself via other (ex: toolchain) mitigations.
	//
	// https://sourceware.org/bugzilla/attachment.cgi?id=12223 for the bug report/details.
	//
	// The barrier is skipped on return, by advancing $PC by 12. It only needs to constrain
	// speculative, not real executions.
	0: dsb nsh
	isb
	// Add a BRK to the barrier, to 'assert' that its skipped. If this BRK is hit, the 'assert' will
	// trip, visibly, indicating a kernel/vDSO mismatch/error.
	brk 0
	1:
	.ifne 1b - 0b - ARM64_SYSCALL_SPECULATION_BARRIER_SIZE
	.error "code size of speculation barrier is not ARM64_SYSCALL_SPECULATION_BARRIER_SIZE"
	.endif
	.endm

	// CFI aware push and pop macros.
	// SP must always be aligned to 16, so never push just one register.
	.macro push_regpair reg0, reg1
	stp \reg0, \reg1, [sp, #-16]!
	.cfi_adjust_cfa_offset 16
	.cfi_rel_offset \reg0, 0
	.cfi_rel_offset \reg1, 8
	.endm
	.macro pop_regpair reg0, reg1
	ldp \reg0, \reg1, [sp], #16
	.cfi_adjust_cfa_offset -16
	.cfi_same_value \reg0
	.cfi_same_value \reg1
	.endm