cpu_context_barrier and cpu_speculation_barrier Subroutines
Purpose
Provides protection against speculative execution side-channel attacks.
Library
Standard C Library (libc.a)
Syntax
#include <sys/processor.h>
void cpu_context_barrier (int value)
void cpu_speculation_barrier (void)
Description
The cpu_context_barrier and cpu_speculation_barrier subroutines
provide applications with processor-model-dependent mitigation against known speculative-execution
vulnerabilities. These subroutines can be used by both 32-bit and 64-bit applications to protect
applications against data-dependent storage access and to provide isolation between the trusted and
untrusted segments of an application.
Note: Application performance might be reduced when the cpu_context_barrier or cpu_speculation_barrier subroutine is used.
The cpu_context_barrier subroutine must be called from within the trusted domain and must be executed at each transition between the trusted domain and the untrusted domain. This subroutine accepts a single parameter that specifies the direction of the transition (entry into or exit from the trusted domain). Alternatively, the comprehensive form of the barrier (the CCB_ALL value) can be used where it is difficult to determine which transition is taking place.
The cpu_speculation_barrier subroutine must be called from within the trusted domain before storage is accessed by using addresses that are computed from an untrusted source.
Parameters
Item | Description |
---|---|
value | Specifies the method in which the barrier subroutine is being invoked. |
CPU context barrier values
Item | Description |
---|---|
CCB_ENTRY | Specify this value when transitioning into a trusted context domain. |
CCB_EXIT | Specify this value when transitioning out of a trusted context domain. |
CCB_ALL | Specify this value when transitioning into a trusted context domain or transitioning out of a trusted context domain. |
Example
The following example shows how the trusted domain of an application calls an untrusted
domain:
#include <sys/processor.h>

int index;
char val;
extern char udata[];            /* data accessible to the untrusted domain */
extern int max_tdata_index;
extern char tdata[];            /* trusted-domain data */

/* Fetch index from untrusted user */
cpu_context_barrier(CCB_EXIT);      /* leaving the trusted domain */
index = get_index_from_user(...);
cpu_context_barrier(CCB_ENTRY);     /* re-entering the trusted domain */

/* Select trusted data from user input */
if (index < max_tdata_index) {
    cpu_speculation_barrier();      /* no speculative load of tdata[index] before the bounds check resolves */
    val = tdata[index];
    udata[val]++;
}
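The same pattern written out as a complete, compilable routine; this is an added example, not code from the IBM documentation. The trusted data contents, the trusted_lookup function, the index-source callbacks, and the no-op stubs used when not building on AIX (where the real barriers come from sys/processor.h) are assumptions for illustration.

```c
/* Added example, not from the IBM page: the man page's pattern as a
 * complete trusted-domain routine. On AIX the real barriers come from
 * <sys/processor.h>; on other systems the no-op stubs below (a
 * portability assumption with no mitigating effect) let it compile. */
#if defined(_AIX)
#include <sys/processor.h>
#else
#define CCB_ENTRY 1   /* placeholder values; AIX defines the real ones */
#define CCB_EXIT  2
static void cpu_context_barrier(int value) { (void)value; }
static void cpu_speculation_barrier(void) { }
#endif

static const char tdata[] = "trusted";        /* constructed trusted data */
#define MAX_TDATA_INDEX ((int)(sizeof(tdata) - 1))
static unsigned int udata[256];               /* data visible to the untrusted domain */

/* Hypothetical untrusted-domain callback that supplies an index. */
typedef int (*index_source_fn)(void);

/* Trusted domain: fetch an index from the untrusted domain, then touch
 * trusted storage only after the bounds check and a speculation barrier.
 * Returns the selected byte, or -1 when the index is out of range. */
int trusted_lookup(index_source_fn get_index_from_user)
{
    int index;
    unsigned char val;

    cpu_context_barrier(CCB_EXIT);     /* leaving the trusted domain */
    index = get_index_from_user();
    cpu_context_barrier(CCB_ENTRY);    /* back in the trusted domain */

    if (index < 0 || index >= MAX_TDATA_INDEX)
        return -1;                     /* architectural bounds check */

    /* Keep the dependent loads from running speculatively with an index
     * whose bounds check has not yet resolved (the page's gadget shape). */
    cpu_speculation_barrier();
    val = (unsigned char)tdata[index];
    udata[val]++;
    return val;
}

unsigned int udata_count(unsigned char c) { return udata[c]; }

/* Constructed index sources standing in for the untrusted domain. */
int in_range_source(void)     { return 3; }      /* tdata[3] == 's' */
int out_of_range_source(void) { return 100000; }
int negative_source(void)     { return -1; }
```

Off AIX the stubs only preserve the call structure; the mitigation itself exists only where the real subroutines are linked in.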