wa_cve_2017_5715_mmu.S 3.89 KB
Newer Older
1
/*
2
 * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
3
4
5
6
7
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <arch.h>
8
#include <arm_arch_svc.h>
9
10
11
#include <asm_macros.S>
#include <context.h>

12
	.globl	wa_cve_2017_5715_mmu_vbar
13

14
15
#define ESR_EL3_A64_SMC0	0x5e000000

16
vector_base wa_cve_2017_5715_mmu_vbar
17

18
	.macro	apply_cve_2017_5715_wa _is_sync_exception
19
	stp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
20
	mrs	x1, sctlr_el3
21
	/* Disable MMU */
22
	bic	x1, x1, #SCTLR_M_BIT
23
24
	msr	sctlr_el3, x1
	isb
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
	/* Enable MMU */
	orr	x1, x1, #SCTLR_M_BIT
	msr	sctlr_el3, x1
	/*
	 * Defer ISB to avoid synchronizing twice in case we hit
	 * the workaround SMC call which will implicitly synchronize
	 * because of the ERET instruction.
	 */

	/*
	 * Ensure SMC is coming from A64 state on #0
	 * with W0 = SMCCC_ARCH_WORKAROUND_1
	 *
	 * This sequence evaluates as:
	 *    (W0==SMCCC_ARCH_WORKAROUND_1) ? (ESR_EL3==SMC#0) : (NE)
	 * allowing use of a single branch operation
	 */
	.if \_is_sync_exception
		orr	w1, wzr, #SMCCC_ARCH_WORKAROUND_1
		cmp	w0, w1
		mrs	x0, esr_el3
		mov_imm	w1, ESR_EL3_A64_SMC0
		ccmp	w0, w1, #0, eq
		/* Static predictor will predict a fall through */
		bne	1f
		eret
1:
	.endif

	/*
	 * Synchronize now to enable the MMU.  This is required
	 * to ensure the load pair below reads the data stored earlier.
	 */
58
59
60
61
62
63
64
65
	isb
	ldp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
	.endm

	/* ---------------------------------------------------------------------
	 * Current EL with SP_EL0 : 0x0 - 0x200
	 * ---------------------------------------------------------------------
	 */
66
vector_entry mmu_sync_exception_sp_el0
67
	b	sync_exception_sp_el0
68
	check_vector_size mmu_sync_exception_sp_el0
69

70
vector_entry mmu_irq_sp_el0
71
	b	irq_sp_el0
72
	check_vector_size mmu_irq_sp_el0
73

74
vector_entry mmu_fiq_sp_el0
75
	b	fiq_sp_el0
76
	check_vector_size mmu_fiq_sp_el0
77

78
vector_entry mmu_serror_sp_el0
79
	b	serror_sp_el0
80
	check_vector_size mmu_serror_sp_el0
81
82
83
84
85

	/* ---------------------------------------------------------------------
	 * Current EL with SP_ELx: 0x200 - 0x400
	 * ---------------------------------------------------------------------
	 */
86
vector_entry mmu_sync_exception_sp_elx
87
	b	sync_exception_sp_elx
88
	check_vector_size mmu_sync_exception_sp_elx
89

90
vector_entry mmu_irq_sp_elx
91
	b	irq_sp_elx
92
	check_vector_size mmu_irq_sp_elx
93

94
vector_entry mmu_fiq_sp_elx
95
	b	fiq_sp_elx
96
	check_vector_size mmu_fiq_sp_elx
97

98
vector_entry mmu_serror_sp_elx
99
	b	serror_sp_elx
100
	check_vector_size mmu_serror_sp_elx
101
102
103
104
105

	/* ---------------------------------------------------------------------
	 * Lower EL using AArch64 : 0x400 - 0x600
	 * ---------------------------------------------------------------------
	 */
106
107
vector_entry mmu_sync_exception_aarch64
	apply_cve_2017_5715_wa _is_sync_exception=1
108
	b	sync_exception_aarch64
109
	check_vector_size mmu_sync_exception_aarch64
110

111
112
vector_entry mmu_irq_aarch64
	apply_cve_2017_5715_wa _is_sync_exception=0
113
	b	irq_aarch64
114
	check_vector_size mmu_irq_aarch64
115

116
117
vector_entry mmu_fiq_aarch64
	apply_cve_2017_5715_wa _is_sync_exception=0
118
	b	fiq_aarch64
119
	check_vector_size mmu_fiq_aarch64
120

121
122
vector_entry mmu_serror_aarch64
	apply_cve_2017_5715_wa _is_sync_exception=0
123
	b	serror_aarch64
124
	check_vector_size mmu_serror_aarch64
125
126
127
128
129

	/* ---------------------------------------------------------------------
	 * Lower EL using AArch32 : 0x600 - 0x800
	 * ---------------------------------------------------------------------
	 */
130
131
vector_entry mmu_sync_exception_aarch32
	apply_cve_2017_5715_wa _is_sync_exception=1
132
	b	sync_exception_aarch32
133
	check_vector_size mmu_sync_exception_aarch32
134

135
136
vector_entry mmu_irq_aarch32
	apply_cve_2017_5715_wa _is_sync_exception=0
137
	b	irq_aarch32
138
	check_vector_size mmu_irq_aarch32
139

140
141
vector_entry mmu_fiq_aarch32
	apply_cve_2017_5715_wa _is_sync_exception=0
142
	b	fiq_aarch32
143
	check_vector_size mmu_fiq_aarch32
144

145
146
vector_entry mmu_serror_aarch32
	apply_cve_2017_5715_wa _is_sync_exception=0
147
	b	serror_aarch32
148
	check_vector_size mmu_serror_aarch32