diff --git a/include/lib/cpus/aarch64/cortex_a72.h b/include/lib/cpus/aarch64/cortex_a72.h index 28b440e19..17776458b 100644 --- a/include/lib/cpus/aarch64/cortex_a72.h +++ b/include/lib/cpus/aarch64/cortex_a72.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -12,6 +12,9 @@ /* Cortex-A72 midr for revision 0 */ #define CORTEX_A72_MIDR U(0x410FD080) +/* Cortex-A72 loop count for CVE-2022-23960 mitigation */ +#define CORTEX_A72_BHB_LOOP_COUNT U(8) + /******************************************************************************* * CPU Extended Control register specific definitions. ******************************************************************************/ diff --git a/lib/cpus/aarch64/cortex_a57.S b/lib/cpus/aarch64/cortex_a57.S index 8ef0f922a..4120f119e 100644 --- a/lib/cpus/aarch64/cortex_a57.S +++ b/lib/cpus/aarch64/cortex_a57.S @@ -470,7 +470,12 @@ func cortex_a57_reset_func bl errata_a57_859972_wa #endif -#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 +#if IMAGE_BL31 && ( WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960 ) + /* --------------------------------------------------------------- + * Override vector table & enable existing workaround if either of + * the build flags are enabled + * --------------------------------------------------------------- + */ adr x0, wa_cve_2017_5715_mmu_vbar msr vbar_el3, x0 /* isb will be performed before returning from this function */ @@ -506,6 +511,15 @@ func cortex_a57_reset_func ret x19 endfunc cortex_a57_reset_func +func check_errata_cve_2022_23960 +#if WORKAROUND_CVE_2022_23960 + mov x0, #ERRATA_APPLIES +#else + mov x0, #ERRATA_MISSING +#endif + ret +endfunc check_errata_cve_2022_23960 + /* ---------------------------------------------------- * The CPU Ops core power down function for Cortex-A57. * ---------------------------------------------------- @@ -630,6 +644,7 @@ func cortex_a57_errata_report report_errata ERRATA_A57_1319537, cortex_a57, 1319537 report_errata WORKAROUND_CVE_2017_5715, cortex_a57, cve_2017_5715 report_errata WORKAROUND_CVE_2018_3639, cortex_a57, cve_2018_3639 + report_errata WORKAROUND_CVE_2022_23960, cortex_a57, cve_2022_23960 ldp x8, x30, [sp], #16 ret diff --git a/lib/cpus/aarch64/cortex_a72.S b/lib/cpus/aarch64/cortex_a72.S index aff6072a0..3dc44805e 100644 --- a/lib/cpus/aarch64/cortex_a72.S +++ b/lib/cpus/aarch64/cortex_a72.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -9,6 +9,11 @@ #include #include #include +#include "wa_cve_2022_23960_bhb_vector.S" + +#if WORKAROUND_CVE_2022_23960 + wa_cve_2022_23960_bhb_vector_table CORTEX_A72_BHB_LOOP_COUNT, cortex_a72 +#endif /* WORKAROUND_CVE_2022_23960 */ /* --------------------------------------------- * Disable L1 data cache and unified L2 cache @@ -133,6 +138,15 @@ func check_errata_1319367 ret endfunc check_errata_1319367 +func check_errata_cve_2022_23960 +#if WORKAROUND_CVE_2022_23960 + mov x0, #ERRATA_APPLIES +#else + mov x0, #ERRATA_MISSING +#endif + ret +endfunc check_errata_cve_2022_23960 + /* ------------------------------------------------- * The CPU Ops reset function for Cortex-A72. * ------------------------------------------------- @@ -147,13 +161,28 @@ func cortex_a72_reset_func bl errata_a72_859971_wa #endif -#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 +#if IMAGE_BL31 && (WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960) cpu_check_csv2 x0, 1f adr x0, wa_cve_2017_5715_mmu_vbar msr vbar_el3, x0 /* isb will be performed before returning from this function */ + + /* Skip CVE_2022_23960 mitigation if cve_2017_5715 mitigation applied */ + b 2f 1: -#endif +#if WORKAROUND_CVE_2022_23960 + /* + * The Cortex-A72 generic vectors are overridden to apply the + * mitigation on exception entry from lower ELs for revisions >= r1p0 + * which has CSV2 implemented. + */ + adr x0, wa_cve_vbar_cortex_a72 + msr vbar_el3, x0 + + /* isb will be performed before returning from this function */ +#endif /* WORKAROUND_CVE_2022_23960 */ +2: +#endif /* IMAGE_BL31 && (WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960) */ #if WORKAROUND_CVE_2018_3639 mrs x0, CORTEX_A72_CPUACTLR_EL1 @@ -299,6 +328,7 @@ func cortex_a72_errata_report report_errata ERRATA_A72_1319367, cortex_a72, 1319367 report_errata WORKAROUND_CVE_2017_5715, cortex_a72, cve_2017_5715 report_errata WORKAROUND_CVE_2018_3639, cortex_a72, cve_2018_3639 + report_errata WORKAROUND_CVE_2022_23960, cortex_a72, cve_2022_23960 ldp x8, x30, [sp], #16 ret