fix(security): workaround for CVE-2022-23960 for Cortex-A57, Cortex-A72
Implements mitigation for Cortex-A72 CPU versions that support the CSV2 feature (from r1p0). It also applies the mitigation for Cortex-A57 CPU. Signed-off-by: Bipin Ravi <bipin.ravi@arm.com> Change-Id: I7cfcf06537710f144f6e849992612033ddd79d33
parent
fdb9166b94
commit
be9121fd31
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -12,6 +12,9 @@
|
|||
/* Cortex-A72 midr for revision 0 */
|
||||
#define CORTEX_A72_MIDR U(0x410FD080)
|
||||
|
||||
/* Cortex-A72 loop count for CVE-2022-23960 mitigation */
|
||||
#define CORTEX_A72_BHB_LOOP_COUNT U(8)
|
||||
|
||||
/*******************************************************************************
|
||||
* CPU Extended Control register specific definitions.
|
||||
******************************************************************************/
|
||||
|
|
|
@ -470,7 +470,12 @@ func cortex_a57_reset_func
|
|||
bl errata_a57_859972_wa
|
||||
#endif
|
||||
|
||||
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
|
||||
#if IMAGE_BL31 && ( WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960 )
|
||||
/* ---------------------------------------------------------------
|
||||
* Override vector table & enable existing workaround if either of
|
||||
* the build flags are enabled
|
||||
* ---------------------------------------------------------------
|
||||
*/
|
||||
adr x0, wa_cve_2017_5715_mmu_vbar
|
||||
msr vbar_el3, x0
|
||||
/* isb will be performed before returning from this function */
|
||||
|
@ -506,6 +511,15 @@ func cortex_a57_reset_func
|
|||
ret x19
|
||||
endfunc cortex_a57_reset_func
|
||||
|
||||
func check_errata_cve_2022_23960
|
||||
#if WORKAROUND_CVE_2022_23960
|
||||
mov x0, #ERRATA_APPLIES
|
||||
#else
|
||||
mov x0, #ERRATA_MISSING
|
||||
#endif
|
||||
ret
|
||||
endfunc check_errata_cve_2022_23960
|
||||
|
||||
/* ----------------------------------------------------
|
||||
* The CPU Ops core power down function for Cortex-A57.
|
||||
* ----------------------------------------------------
|
||||
|
@ -630,6 +644,7 @@ func cortex_a57_errata_report
|
|||
report_errata ERRATA_A57_1319537, cortex_a57, 1319537
|
||||
report_errata WORKAROUND_CVE_2017_5715, cortex_a57, cve_2017_5715
|
||||
report_errata WORKAROUND_CVE_2018_3639, cortex_a57, cve_2018_3639
|
||||
report_errata WORKAROUND_CVE_2022_23960, cortex_a57, cve_2022_23960
|
||||
|
||||
ldp x8, x30, [sp], #16
|
||||
ret
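Review bot: With the guard in cortex_a57_reset_func widened to `WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960`, `adr x0, wa_cve_2017_5715_mmu_vbar` is now assembled in a build that sets only WORKAROUND_CVE_2022_23960; the path before `b 2f` in cortex_a72_reset_func has the same dependency. This page does not show where that vector table is built, so if it is only assembled under WORKAROUND_CVE_2017_5715, a 2022-only configuration would presumably fail at link time with an unexplained undefined symbol. I would state the dependency explicitly, either in the block comment or as a build-time check such as `#if WORKAROUND_CVE_2022_23960 && !WORKAROUND_CVE_2017_5715` followed by `#error "WORKAROUND_CVE_2022_23960 needs WORKAROUND_CVE_2017_5715 on Cortex-A57"`. The reset function's body starts and ends outside the hunk, so the surrounding errata sequence could not be checked.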
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
|
||||
* Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*/
|
||||
|
@ -9,6 +9,11 @@
|
|||
#include <cortex_a72.h>
|
||||
#include <cpu_macros.S>
|
||||
#include <plat_macros.S>
|
||||
#include "wa_cve_2022_23960_bhb_vector.S"
|
||||
|
||||
#if WORKAROUND_CVE_2022_23960
|
||||
wa_cve_2022_23960_bhb_vector_table CORTEX_A72_BHB_LOOP_COUNT, cortex_a72
|
||||
#endif /* WORKAROUND_CVE_2022_23960 */
|
||||
|
||||
/* ---------------------------------------------
|
||||
* Disable L1 data cache and unified L2 cache
|
||||
|
@ -133,6 +138,15 @@ func check_errata_1319367
|
|||
ret
|
||||
endfunc check_errata_1319367
|
||||
|
||||
func check_errata_cve_2022_23960
|
||||
#if WORKAROUND_CVE_2022_23960
|
||||
mov x0, #ERRATA_APPLIES
|
||||
#else
|
||||
mov x0, #ERRATA_MISSING
|
||||
#endif
|
||||
ret
|
||||
endfunc check_errata_cve_2022_23960
|
||||
|
||||
/* -------------------------------------------------
|
||||
* The CPU Ops reset function for Cortex-A72.
|
||||
* -------------------------------------------------
|
||||
|
@ -147,13 +161,28 @@ func cortex_a72_reset_func
|
|||
bl errata_a72_859971_wa
|
||||
#endif
|
||||
|
||||
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
|
||||
#if IMAGE_BL31 && (WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960)
|
||||
cpu_check_csv2 x0, 1f
|
||||
adr x0, wa_cve_2017_5715_mmu_vbar
|
||||
msr vbar_el3, x0
|
||||
/* isb will be performed before returning from this function */
|
||||
|
||||
/* Skip CVE_2022_23960 mitigation if cve_2017_5715 mitigation applied */
|
||||
b 2f
|
||||
1:
|
||||
#endif
|
||||
#if WORKAROUND_CVE_2022_23960
|
||||
/*
|
||||
* The Cortex-A72 generic vectors are overridden to apply the
|
||||
* mitigation on exception entry from lower ELs for revisions >= r1p0
|
||||
* which has CSV2 implemented.
|
||||
*/
|
||||
adr x0, wa_cve_vbar_cortex_a72
|
||||
msr vbar_el3, x0
|
||||
|
||||
/* isb will be performed before returning from this function */
|
||||
#endif /* WORKAROUND_CVE_2022_23960 */
|
||||
2:
|
||||
#endif /* IMAGE_BL31 && (WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960) */
|
||||
|
||||
#if WORKAROUND_CVE_2018_3639
|
||||
mrs x0, CORTEX_A72_CPUACTLR_EL1
|
||||
|
@ -299,6 +328,7 @@ func cortex_a72_errata_report
|
|||
report_errata ERRATA_A72_1319367, cortex_a72, 1319367
|
||||
report_errata WORKAROUND_CVE_2017_5715, cortex_a72, cve_2017_5715
|
||||
report_errata WORKAROUND_CVE_2018_3639, cortex_a72, cve_2018_3639
|
||||
report_errata WORKAROUND_CVE_2022_23960, cortex_a72, cve_2022_23960
|
||||
|
||||
ldp x8, x30, [sp], #16
|
||||
ret
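Review bot: The instantiation `wa_cve_2022_23960_bhb_vector_table CORTEX_A72_BHB_LOOP_COUNT, cortex_a72` near the top of the file is emitted whenever WORKAROUND_CVE_2022_23960 is set, while its only visible reference, `adr x0, wa_cve_vbar_cortex_a72` in cortex_a72_reset_func, sits inside `#if IMAGE_BL31 && (...)`. The macro's definition is not on this page; if it expands to a full exception vector table, images other than BL31 would carry an unreferenced table unless the linker discards it. Guarding the instantiation with `#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960` would keep the definition and its use under the same condition.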
|
||||
|
|