Use PFR0 to identify need for mitigation of CVE-2017-5715
If the CSV2 field reads as 1 then branch targets trained in one context cannot affect speculative execution in a different context. In that case skip the workaround on Cortex A72 and A73. Change-Id: Ide24fb6efc77c548e4296295adc38dca87d042ee Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This commit is contained in:
parent
16b05e94a2
commit
3991a6a49f
|
@ -229,3 +229,18 @@ CPU_OPS_SIZE = .
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif /* __CPU_MACROS_S__ */
|
#endif /* __CPU_MACROS_S__ */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This macro is used on some CPUs to detect if they are vulnerable
|
||||||
|
* to CVE-2017-5715.
|
||||||
|
*/
|
||||||
|
.macro cpu_check_csv2 _reg _label
|
||||||
|
mrs \_reg, id_aa64pfr0_el1
|
||||||
|
ubfx \_reg, \_reg, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
|
||||||
|
/*
|
||||||
|
* If the field equals to 1 then branch targets trained in one
|
||||||
|
* context cannot affect speculative execution in a different context.
|
||||||
|
*/
|
||||||
|
cmp \_reg, #1
|
||||||
|
beq \_label
|
||||||
|
.endm
|
||||||
|
|
|
@ -98,12 +98,16 @@ func check_errata_859971
|
||||||
endfunc check_errata_859971
|
endfunc check_errata_859971
|
||||||
|
|
||||||
func check_errata_cve_2017_5715
|
func check_errata_cve_2017_5715
|
||||||
|
cpu_check_csv2 x0, 1f
|
||||||
#if WORKAROUND_CVE_2017_5715
|
#if WORKAROUND_CVE_2017_5715
|
||||||
mov x0, #ERRATA_APPLIES
|
mov x0, #ERRATA_APPLIES
|
||||||
#else
|
#else
|
||||||
mov x0, #ERRATA_MISSING
|
mov x0, #ERRATA_MISSING
|
||||||
#endif
|
#endif
|
||||||
ret
|
ret
|
||||||
|
1:
|
||||||
|
mov x0, #ERRATA_NOT_APPLIES
|
||||||
|
ret
|
||||||
endfunc check_errata_cve_2017_5715
|
endfunc check_errata_cve_2017_5715
|
||||||
|
|
||||||
/* -------------------------------------------------
|
/* -------------------------------------------------
|
||||||
|
@ -121,8 +125,10 @@ func cortex_a72_reset_func
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
|
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
|
||||||
|
cpu_check_csv2 x0, 1f
|
||||||
adr x0, workaround_mmu_runtime_exceptions
|
adr x0, workaround_mmu_runtime_exceptions
|
||||||
msr vbar_el3, x0
|
msr vbar_el3, x0
|
||||||
|
1:
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* ---------------------------------------------
|
/* ---------------------------------------------
|
||||||
|
|
|
@ -37,8 +37,10 @@ endfunc cortex_a73_disable_smp
|
||||||
|
|
||||||
func cortex_a73_reset_func
|
func cortex_a73_reset_func
|
||||||
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
|
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
|
||||||
|
cpu_check_csv2 x0, 1f
|
||||||
adr x0, workaround_bpiall_vbar0_runtime_exceptions
|
adr x0, workaround_bpiall_vbar0_runtime_exceptions
|
||||||
msr vbar_el3, x0
|
msr vbar_el3, x0
|
||||||
|
1:
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* ---------------------------------------------
|
/* ---------------------------------------------
|
||||||
|
@ -115,12 +117,16 @@ func cortex_a73_cluster_pwr_dwn
|
||||||
endfunc cortex_a73_cluster_pwr_dwn
|
endfunc cortex_a73_cluster_pwr_dwn
|
||||||
|
|
||||||
func check_errata_cve_2017_5715
|
func check_errata_cve_2017_5715
|
||||||
|
cpu_check_csv2 x0, 1f
|
||||||
#if WORKAROUND_CVE_2017_5715
|
#if WORKAROUND_CVE_2017_5715
|
||||||
mov x0, #ERRATA_APPLIES
|
mov x0, #ERRATA_APPLIES
|
||||||
#else
|
#else
|
||||||
mov x0, #ERRATA_MISSING
|
mov x0, #ERRATA_MISSING
|
||||||
#endif
|
#endif
|
||||||
ret
|
ret
|
||||||
|
1:
|
||||||
|
mov x0, #ERRATA_NOT_APPLIES
|
||||||
|
ret
|
||||||
endfunc check_errata_cve_2017_5715
|
endfunc check_errata_cve_2017_5715
|
||||||
|
|
||||||
#if REPORT_ERRATA
|
#if REPORT_ERRATA
|
||||||
|
|
|
@ -12,15 +12,7 @@
|
||||||
|
|
||||||
func cortex_a75_reset_func
|
func cortex_a75_reset_func
|
||||||
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
|
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
|
||||||
mrs x0, id_aa64pfr0_el1
|
cpu_check_csv2 x0, 1f
|
||||||
ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
|
|
||||||
/*
|
|
||||||
* If the field equals to 1 then branch targets trained in one
|
|
||||||
* context cannot affect speculative execution in a different context.
|
|
||||||
*/
|
|
||||||
cmp x0, #1
|
|
||||||
beq 1f
|
|
||||||
|
|
||||||
adr x0, workaround_bpiall_vbar0_runtime_exceptions
|
adr x0, workaround_bpiall_vbar0_runtime_exceptions
|
||||||
msr vbar_el3, x0
|
msr vbar_el3, x0
|
||||||
1:
|
1:
|
||||||
|
@ -53,15 +45,7 @@ func cortex_a75_reset_func
|
||||||
endfunc cortex_a75_reset_func
|
endfunc cortex_a75_reset_func
|
||||||
|
|
||||||
func check_errata_cve_2017_5715
|
func check_errata_cve_2017_5715
|
||||||
mrs x0, id_aa64pfr0_el1
|
cpu_check_csv2 x0, 1f
|
||||||
ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
|
|
||||||
/*
|
|
||||||
* If the field equals to 1 then branch targets trained in one
|
|
||||||
* context cannot affect speculative execution in a different context.
|
|
||||||
*/
|
|
||||||
cmp x0, #1
|
|
||||||
beq 1f
|
|
||||||
|
|
||||||
#if WORKAROUND_CVE_2017_5715
|
#if WORKAROUND_CVE_2017_5715
|
||||||
mov x0, #ERRATA_APPLIES
|
mov x0, #ERRATA_APPLIES
|
||||||
#else
|
#else
|
||||||
|
|
Loading…
Reference in New Issue