From 1593cae46e03eda613d50a0e1702729fbef9f79e Mon Sep 17 00:00:00 2001 From: Varun Wadekar Date: Tue, 27 Feb 2018 18:30:31 -0800 Subject: [PATCH 1/3] denver: use plat_my_core_pos() to get core position The current functions to disable and enable Dynamic Code Optimizer (DCO) assume that all denver cores are in the same cluster. They ignore AFF1 field of the mpidr_el1 register, which leads to incorect logical core id calculation. This patch calls the platform handler, plat_my_core_pos(), to get the logical core id to disable/enable DCO for the core. Original change by: Krishna Sitaraman Change-Id: I45fbd1f1eb032cc1db677a4fdecc554548b4a830 Signed-off-by: Varun Wadekar --- lib/cpus/aarch64/denver.S | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/cpus/aarch64/denver.S b/lib/cpus/aarch64/denver.S index a981d02c7..caf74d7b9 100644 --- a/lib/cpus/aarch64/denver.S +++ b/lib/cpus/aarch64/denver.S @@ -156,11 +156,12 @@ endfunc denver_disable_ext_debug * ---------------------------------------------------- */ func denver_enable_dco - mrs x0, mpidr_el1 - and x0, x0, #0xF + mov x3, x30 + bl plat_my_core_pos mov x1, #1 lsl x1, x1, x0 msr s3_0_c15_c0_2, x1 + mov x30, x3 ret endfunc denver_enable_dco @@ -170,9 +171,10 @@ endfunc denver_enable_dco */ func denver_disable_dco + mov x3, x30 + /* turn off background work */ - mrs x0, mpidr_el1 - and x0, x0, #0xF + bl plat_my_core_pos mov x1, #1 lsl x1, x1, x0 lsl x2, x1, #16 @@ -186,6 +188,7 @@ func denver_disable_dco and x2, x2, x1 cbnz x2, 1b + mov x30, x3 ret endfunc denver_disable_dco From cf3ed0dcc7127e6e554ca14fc4c07dcfabb5dc8d Mon Sep 17 00:00:00 2001 From: Varun Wadekar Date: Mon, 25 Jun 2018 11:36:47 -0700 Subject: [PATCH 2/3] cpus: denver: reset power state to 'C1' on boot Denver CPUs expect the power state field to be reset to 'C1' during boot. This patch updates the reset handler to reset the ACTLR_.PMSTATE field to 'C1' state during CPU boot. Change-Id: I7cb629627a4dd1a30ec5cbb3a5e90055244fe30c Signed-off-by: Varun Wadekar --- include/lib/cpus/aarch64/denver.h | 8 +++++++- lib/cpus/aarch64/denver.S | 9 +++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/include/lib/cpus/aarch64/denver.h b/include/lib/cpus/aarch64/denver.h index d8c4d2e79..f145fbb59 100644 --- a/include/lib/cpus/aarch64/denver.h +++ b/include/lib/cpus/aarch64/denver.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -20,6 +20,12 @@ /* CPU state ids - implementation defined */ #define DENVER_CPU_STATE_POWER_DOWN U(0x3) +/* Core power management states */ +#define DENVER_CPU_PMSTATE_C1 U(0x1) +#define DENVER_CPU_PMSTATE_C6 U(0x6) +#define DENVER_CPU_PMSTATE_C7 U(0x7) +#define DENVER_CPU_PMSTATE_MASK U(0xF) + #ifndef __ASSEMBLY__ /* Disable Dynamic Code Optimisation */ diff --git a/lib/cpus/aarch64/denver.S b/lib/cpus/aarch64/denver.S index caf74d7b9..c873f2e3e 100644 --- a/lib/cpus/aarch64/denver.S +++ b/lib/cpus/aarch64/denver.S @@ -236,6 +236,15 @@ func denver_reset_func msr vbar_el3, x0 #endif + /* ---------------------------------------------------- + * Reset ACTLR.PMSTATE to C1 state + * ---------------------------------------------------- + */ + mrs x0, actlr_el1 + bic x0, x0, #DENVER_CPU_PMSTATE_MASK + orr x0, x0, #DENVER_CPU_PMSTATE_C1 + msr actlr_el1, x0 + /* ---------------------------------------------------- * Enable dynamic code optimizer (DCO) * ---------------------------------------------------- From 6cf8d65f274b3eb6a377c553656daf713f93713c Mon Sep 17 00:00:00 2001 From: Varun Wadekar Date: Tue, 28 Aug 2018 09:11:30 -0700 Subject: [PATCH 3/3] cpus: denver: Implement static workaround for CVE-2018-3639 For Denver CPUs, this approach enables the mitigation during EL3 initialization, following every PE reset. No mechanism is provided to disable the mitigation at runtime. This approach permanently mitigates the EL3 software stack only. Other software components are responsible to enable it for their exception levels. TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN3 and earlier: * By setting bit 11 (Disable speculative store buffering) of `ACTLR_EL3` * By setting bit 9 (Disable speculative memory disambiguation) of `ACTLR_EL3` TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN4 and later: * By setting bit 18 (Disable speculative store buffering) of `ACTLR_EL3` * By setting bit 17 (Disable speculative memory disambiguation) of `ACTLR_EL3` Change-Id: If1de96605ce3f7b0aff5fab2c828e5aecb687555 Signed-off-by: Varun Wadekar --- include/lib/cpus/aarch64/denver.h | 8 ++++++++ lib/cpus/aarch64/denver.S | 29 +++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/include/lib/cpus/aarch64/denver.h b/include/lib/cpus/aarch64/denver.h index f145fbb59..712a4a437 100644 --- a/include/lib/cpus/aarch64/denver.h +++ b/include/lib/cpus/aarch64/denver.h @@ -20,6 +20,14 @@ /* CPU state ids - implementation defined */ #define DENVER_CPU_STATE_POWER_DOWN U(0x3) +/* Speculative store buffering */ +#define DENVER_CPU_DIS_SSB_EL3 (U(1) << 11) +#define DENVER_PN4_CPU_DIS_SSB_EL3 (U(1) << 18) + +/* Speculative memory disambiguation */ +#define DENVER_CPU_DIS_MD_EL3 (U(1) << 9) +#define DENVER_PN4_CPU_DIS_MD_EL3 (U(1) << 17) + /* Core power management states */ #define DENVER_CPU_PMSTATE_C1 U(0x1) #define DENVER_CPU_PMSTATE_C6 U(0x6) diff --git a/lib/cpus/aarch64/denver.S b/lib/cpus/aarch64/denver.S index c873f2e3e..c377b28b4 100644 --- a/lib/cpus/aarch64/denver.S +++ b/lib/cpus/aarch64/denver.S @@ -211,6 +211,15 @@ func check_errata_cve_2017_5715 ret endfunc check_errata_cve_2017_5715 +func check_errata_cve_2018_3639 +#if WORKAROUND_CVE_2018_3639 + mov x0, #ERRATA_APPLIES +#else + mov x0, #ERRATA_MISSING +#endif + ret +endfunc check_errata_cve_2018_3639 + /* ------------------------------------------------- * The CPU Ops reset function for Denver. * ------------------------------------------------- @@ -236,6 +245,25 @@ func denver_reset_func msr vbar_el3, x0 #endif +#if WORKAROUND_CVE_2018_3639 + /* + * Denver CPUs with DENVER_MIDR_PN3 or earlier, use different + * bits in the ACTLR_EL3 register to disable speculative + * store buffer and memory disambiguation. + */ + mrs x0, midr_el1 + mov_imm x1, DENVER_MIDR_PN4 + cmp x0, x1 + mrs x0, actlr_el3 + mov x1, #(DENVER_CPU_DIS_MD_EL3 | DENVER_CPU_DIS_SSB_EL3) + mov x2, #(DENVER_PN4_CPU_DIS_MD_EL3 | DENVER_PN4_CPU_DIS_SSB_EL3) + csel x3, x1, x2, ne + orr x0, x0, x3 + msr actlr_el3, x0 + isb + dsb sy +#endif + /* ---------------------------------------------------- * Reset ACTLR.PMSTATE to C1 state * ---------------------------------------------------- @@ -294,6 +322,7 @@ func denver_errata_report * checking functions of each errata. */ report_errata WORKAROUND_CVE_2017_5715, denver, cve_2017_5715 + report_errata WORKAROUND_CVE_2018_3639, denver, cve_2018_3639 ldp x8, x30, [sp], #16 ret