wa_cve_2017_5715_mmu.S 4.17 KB
Newer Older
1
/*
2
 * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
3
4
5
6
7
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <arch.h>
8
#include <arm_arch_svc.h>
9
10
11
#include <asm_macros.S>
#include <context.h>

12
	.globl	wa_cve_2017_5715_mmu_vbar
13

14
#define ESR_EL3_A64_SMC0	0x5e000000
15
#define ESR_EL3_A32_SMC0	0x4e000000
16

17
vector_base wa_cve_2017_5715_mmu_vbar
18

19
	.macro	apply_cve_2017_5715_wa _is_sync_exception _esr_el3_val
20
	stp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
21
	mrs	x1, sctlr_el3
22
	/* Disable MMU */
23
	bic	x1, x1, #SCTLR_M_BIT
24
25
	msr	sctlr_el3, x1
	isb
26
27
28
29
30
31
32
33
34
35
	/* Enable MMU */
	orr	x1, x1, #SCTLR_M_BIT
	msr	sctlr_el3, x1
	/*
	 * Defer ISB to avoid synchronizing twice in case we hit
	 * the workaround SMC call which will implicitly synchronize
	 * because of the ERET instruction.
	 */

	/*
36
	 * Ensure SMC is coming from A64/A32 state on #0
37
38
39
40
41
42
43
44
45
46
	 * with W0 = SMCCC_ARCH_WORKAROUND_1
	 *
	 * This sequence evaluates as:
	 *    (W0==SMCCC_ARCH_WORKAROUND_1) ? (ESR_EL3==SMC#0) : (NE)
	 * allowing use of a single branch operation
	 */
	.if \_is_sync_exception
		orr	w1, wzr, #SMCCC_ARCH_WORKAROUND_1
		cmp	w0, w1
		mrs	x0, esr_el3
47
		mov_imm	w1, \_esr_el3_val
48
49
50
51
52
53
54
55
56
57
58
		ccmp	w0, w1, #0, eq
		/* Static predictor will predict a fall through */
		bne	1f
		eret
1:
	.endif

	/*
	 * Synchronize now to enable the MMU.  This is required
	 * to ensure the load pair below reads the data stored earlier.
	 */
59
60
61
62
63
64
65
66
	isb
	ldp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
	.endm

	/* ---------------------------------------------------------------------
	 * Current EL with SP_EL0 : 0x0 - 0x200
	 * ---------------------------------------------------------------------
	 */
67
vector_entry mmu_sync_exception_sp_el0
68
	b	sync_exception_sp_el0
69
	check_vector_size mmu_sync_exception_sp_el0
70

71
vector_entry mmu_irq_sp_el0
72
	b	irq_sp_el0
73
	check_vector_size mmu_irq_sp_el0
74

75
vector_entry mmu_fiq_sp_el0
76
	b	fiq_sp_el0
77
	check_vector_size mmu_fiq_sp_el0
78

79
vector_entry mmu_serror_sp_el0
80
	b	serror_sp_el0
81
	check_vector_size mmu_serror_sp_el0
82
83
84
85
86

	/* ---------------------------------------------------------------------
	 * Current EL with SP_ELx: 0x200 - 0x400
	 * ---------------------------------------------------------------------
	 */
87
vector_entry mmu_sync_exception_sp_elx
88
	b	sync_exception_sp_elx
89
	check_vector_size mmu_sync_exception_sp_elx
90

91
vector_entry mmu_irq_sp_elx
92
	b	irq_sp_elx
93
	check_vector_size mmu_irq_sp_elx
94

95
vector_entry mmu_fiq_sp_elx
96
	b	fiq_sp_elx
97
	check_vector_size mmu_fiq_sp_elx
98

99
vector_entry mmu_serror_sp_elx
100
	b	serror_sp_elx
101
	check_vector_size mmu_serror_sp_elx
102
103
104
105
106

	/* ---------------------------------------------------------------------
	 * Lower EL using AArch64 : 0x400 - 0x600
	 * ---------------------------------------------------------------------
	 */
107
vector_entry mmu_sync_exception_aarch64
108
	apply_cve_2017_5715_wa _is_sync_exception=1 _esr_el3_val=ESR_EL3_A64_SMC0
109
	b	sync_exception_aarch64
110
	check_vector_size mmu_sync_exception_aarch64
111

112
vector_entry mmu_irq_aarch64
113
	apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A64_SMC0
114
	b	irq_aarch64
115
	check_vector_size mmu_irq_aarch64
116

117
vector_entry mmu_fiq_aarch64
118
	apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A64_SMC0
119
	b	fiq_aarch64
120
	check_vector_size mmu_fiq_aarch64
121

122
vector_entry mmu_serror_aarch64
123
	apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A64_SMC0
124
	b	serror_aarch64
125
	check_vector_size mmu_serror_aarch64
126
127
128
129
130

	/* ---------------------------------------------------------------------
	 * Lower EL using AArch32 : 0x600 - 0x800
	 * ---------------------------------------------------------------------
	 */
131
vector_entry mmu_sync_exception_aarch32
132
	apply_cve_2017_5715_wa _is_sync_exception=1 _esr_el3_val=ESR_EL3_A32_SMC0
133
	b	sync_exception_aarch32
134
	check_vector_size mmu_sync_exception_aarch32
135

136
vector_entry mmu_irq_aarch32
137
	apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A32_SMC0
138
	b	irq_aarch32
139
	check_vector_size mmu_irq_aarch32
140

141
vector_entry mmu_fiq_aarch32
142
	apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A32_SMC0
143
	b	fiq_aarch32
144
	check_vector_size mmu_fiq_aarch32
145

146
vector_entry mmu_serror_aarch32
147
	apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A32_SMC0
148
	b	serror_aarch32
149
	check_vector_size mmu_serror_aarch32