CSDB

Consumption of Speculative Data Barrier.

Syntax

CSDB

Usage

Consumption of Speculative Data Barrier is a memory barrier that controls Speculative execution and data value prediction. Arm® Compiler supports the mitigation of the Variant 1 mechanism that is described in the whitepaper "Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism".

The CSDB instruction allows Speculative execution of:

  • Branch instructions.
  • Instructions that are not a result of data value predictions.
  • Instructions that are the result of PSTATE.{N,Z,C,V} predictions from conditional branch instructions.
  • Instructions that are not a result of predictions of SVE prediction state for any SVE instructions.

The CSDB instruction prevents Speculative execution of:

  • Non-branch instructions.
  • Instructions that are the result of data value predictions.
  • Instructions that are the result of PSTATE.{N,Z,C,V} predictions from instructions other than conditional branch instructions.
  • Instructions that are the result of predictions of SVE prediction state for any SVE instructions.

Examples

The following example shows a code sequence that could result in the processor loading data from an untrusted location that is provided by a user as the result of Speculative execution of instructions:

    CMP  X0, X1
    BGE  out_of_range
    LDRB W4, [X5, X0]   ; load data from list A
                        ; speculative execution of this instruction
                        ; must be prevented
    AND  X4, X4, #1
    LSL  X4, X4, #8
    ADD  X4, X4, #0x200
    CMP  X4, X6
    BGE  out_of_range
    LDRB W7, [X8, X4]   ; load data from list B
out_of_range

In this example:

  • There are two list objects A and B.
  • A contains a list of values that are used to calculate offsets from which data can be loaded from B.
  • X1 is the length of A.
  • X5 is the base address of A.
  • X6 is the length of B.
  • X8 is the base address of B.
  • X0 is an untrusted offset that is provided by a user, and is used to load an element from A.

When X0 is greater than or equal to the length of A, it is outside the address range of A. Therefore, the first branch instruction BGE out_of_range is taken, and instructions LDRB W4, [X5, X0] through LDRB W7, [X8, X4] are skipped.

Without a CSDB instruction, these skipped instructions can still be Speculatively executed:

  • If X0 is maliciously set to an incorrect value, then data can be loaded into W4 from an address outside the address range of A.
  • Data can be loaded into X7 from an address outside the address range of B.

To mitigate against these untrusted accesses, add a pair of CSEL and CSDB instructions between the BGE out_of_range and LDRB W4, [X5, X0] instructions as follows:

    CMP  X0, X1
    BGE  out_of_range

    CSEL X0, XZR, X0, GE    ; conditionally clears the untrusted
                            ; offset provided by the user so that
                            ; it cannot affect any other code

    CSDB                    ; new barrier instruction

    LDRB W4, [X5, X0]       ; load data from list A
                            ; speculative execution of this instruction
                            ; is prevented
    AND  X4, X4, #1
    LSL  X4, X4, #8
    ADD  X4, X4, #0x200
    CMP  X4, X6
    BGE  out_of_range
    LDRB W7, [X8, X4]       ; load data from list B
out_of_range
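
The same CSEL and CSDB pattern written as C with inline assembly, as an added example that is not part of the Arm documentation. The names clamp_index_nospec and lookup, the sample tables, and the non-AArch64 fallback are assumptions made for illustration, and the index is compared as unsigned (condition LO) instead of the signed GE used in the sequence above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns idx when idx < limit, else 0, computed without a branch. */
static size_t clamp_index_nospec(size_t idx, size_t limit)
{
#if defined(__aarch64__)
    size_t safe;
    __asm__ volatile(
        "cmp  %1, %2\n\t"
        "csel %0, %1, xzr, lo\n\t" /* keep idx only if idx < limit (unsigned) */
        "hint #20"                 /* CSDB is encoded as HINT #20 */
        : "=r"(safe) : "r"(idx), "r"(limit) : "cc", "memory");
    return safe;
#else
    /* Assumption: portable stand-in so the example runs on other targets.
       It masks the index but gives no speculation-barrier guarantee. */
    size_t mask = (size_t)0 - (size_t)(idx < limit);
    return idx & mask;
#endif
}

/* Constructed sample data: list A selects offset 0x200 or 0x300 in list B. */
static const uint8_t list_a[4] = { 2, 3, 4, 5 };
static const uint8_t list_b[0x400] = { [0x200] = 0xAA, [0x300] = 0xBB };

/* Mirrors the sequence above; returns the byte from B, or -1 if out of range. */
int lookup(size_t untrusted, size_t a_len, size_t b_len)
{
    if (untrusted >= a_len)                            /* CMP X0, X1 / BGE */
        return -1;
    size_t i = clamp_index_nospec(untrusted, a_len);   /* CSEL + CSDB */
    size_t j = ((size_t)(list_a[i] & 1) << 8) + 0x200; /* AND, LSL, ADD */
    if (j >= b_len)                                    /* CMP X4, X6 / BGE */
        return -1;
    return list_b[j];                                  /* load from list B */
}

int main(void)
{
    printf("%d %d %d\n", lookup(0, 4, 0x400), lookup(1, 4, 0x400),
           lookup(9, 4, 0x400));
    return 0;
}
```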