Unverified Commit 3481800f authored by Dimitris Papastamos's avatar Dimitris Papastamos Committed by GitHub
Browse files

Merge pull request #1887 from ambroise-arm/av/a76-cve

Cortex-A76: Optimize CVE_2018_3639 workaround
parents 5e5c77db d0d115e2
...@@ -13,20 +13,17 @@ ...@@ -13,20 +13,17 @@
#include <plat_macros.S> #include <plat_macros.S>
#include <services/arm_arch_svc.h> #include <services/arm_arch_svc.h>
#if !DYNAMIC_WORKAROUND_CVE_2018_3639
#error Cortex A76 requires DYNAMIC_WORKAROUND_CVE_2018_3639=1
#endif
#define ESR_EL3_A64_SMC0 0x5e000000 #define ESR_EL3_A64_SMC0 0x5e000000
#define ESR_EL3_A32_SMC0 0x4e000000 #define ESR_EL3_A32_SMC0 0x4e000000
#if DYNAMIC_WORKAROUND_CVE_2018_3639
/* /*
* This macro applies the mitigation for CVE-2018-3639. * This macro applies the mitigation for CVE-2018-3639.
* It implements a fash path where `SMCCC_ARCH_WORKAROUND_2` * It implements a fast path where `SMCCC_ARCH_WORKAROUND_2`
* SMC calls from a lower EL running in AArch32 or AArch64 * SMC calls from a lower EL running in AArch32 or AArch64
* will go through the fast and return early. * will go through the fast and return early.
* *
* The macro saves x2-x3 to the context. In the fast path * The macro saves x2-x3 to the context. In the fast path
* x0-x3 registers do not need to be restored as the calling * x0-x3 registers do not need to be restored as the calling
* context will have saved them. * context will have saved them.
*/ */
...@@ -63,7 +60,7 @@ ...@@ -63,7 +60,7 @@
* When the calling context wants mitigation disabled, * When the calling context wants mitigation disabled,
* we program the mitigation disable function in the * we program the mitigation disable function in the
* CPU context, which gets invoked on subsequent exits from * CPU context, which gets invoked on subsequent exits from
* EL3 via the `el3_exit` function. Otherwise NULL is * EL3 via the `el3_exit` function. Otherwise NULL is
* programmed in the CPU context, which results in caller's * programmed in the CPU context, which results in caller's
* inheriting the EL3 mitigation state (enabled) on subsequent * inheriting the EL3 mitigation state (enabled) on subsequent
* `el3_exit`. * `el3_exit`.
...@@ -82,7 +79,7 @@ ...@@ -82,7 +79,7 @@
.endif .endif
1: 1:
/* /*
* Always enable v4 mitigation during EL3 execution. This is not * Always enable v4 mitigation during EL3 execution. This is not
* required for the fast path above because it does not perform any * required for the fast path above because it does not perform any
* memory loads. * memory loads.
*/ */
...@@ -188,6 +185,7 @@ vector_entry cortex_a76_serror_aarch32 ...@@ -188,6 +185,7 @@ vector_entry cortex_a76_serror_aarch32
apply_cve_2018_3639_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A32_SMC0 apply_cve_2018_3639_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A32_SMC0
b serror_aarch32 b serror_aarch32
end_vector_entry cortex_a76_serror_aarch32 end_vector_entry cortex_a76_serror_aarch32
#endif /* DYNAMIC_WORKAROUND_CVE_2018_3639 */
/* -------------------------------------------------- /* --------------------------------------------------
* Errata Workaround for Cortex A76 Errata #1073348. * Errata Workaround for Cortex A76 Errata #1073348.
...@@ -319,9 +317,13 @@ func cortex_a76_reset_func ...@@ -319,9 +317,13 @@ func cortex_a76_reset_func
/* If the PE implements SSBS, we don't need the dynamic workaround */ /* If the PE implements SSBS, we don't need the dynamic workaround */
mrs x0, id_aa64pfr1_el1 mrs x0, id_aa64pfr1_el1
lsr x0, x0, #ID_AA64PFR1_EL1_SSBS_SHIFT lsr x0, x0, #ID_AA64PFR1_EL1_SSBS_SHIFT
and x0, x0, #ID_AA64PFR1_EL1_SSBS_MASK and x0, x0, #ID_AA64PFR1_EL1_SSBS_MASK
#if !DYNAMIC_WORKAROUND_CVE_2018_3639 && ENABLE_ASSERTIONS
cmp x0, 0
ASM_ASSERT(ne)
#endif
#if DYNAMIC_WORKAROUND_CVE_2018_3639
cbnz x0, 1f cbnz x0, 1f
mrs x0, CORTEX_A76_CPUACTLR2_EL1 mrs x0, CORTEX_A76_CPUACTLR2_EL1
orr x0, x0, #CORTEX_A76_CPUACTLR2_EL1_DISABLE_LOAD_PASS_STORE orr x0, x0, #CORTEX_A76_CPUACTLR2_EL1_DISABLE_LOAD_PASS_STORE
msr CORTEX_A76_CPUACTLR2_EL1, x0 msr CORTEX_A76_CPUACTLR2_EL1, x0
...@@ -330,16 +332,17 @@ func cortex_a76_reset_func ...@@ -330,16 +332,17 @@ func cortex_a76_reset_func
#ifdef IMAGE_BL31 #ifdef IMAGE_BL31
/* /*
* The Cortex-A76 generic vectors are overwritten to use the vectors * The Cortex-A76 generic vectors are overwritten to use the vectors
* defined above. This is required in order to apply mitigation * defined above. This is required in order to apply mitigation
* against CVE-2018-3639 on exception entry from lower ELs. * against CVE-2018-3639 on exception entry from lower ELs.
*/ */
adr x0, cortex_a76_wa_cve_2018_3639_a76_vbar adr x0, cortex_a76_wa_cve_2018_3639_a76_vbar
msr vbar_el3, x0 msr vbar_el3, x0
isb isb
#endif #endif /* IMAGE_BL31 */
1: 1:
#endif #endif /* DYNAMIC_WORKAROUND_CVE_2018_3639 */
#endif /* WORKAROUND_CVE_2018_3639 */
#if ERRATA_DSU_936184 #if ERRATA_DSU_936184
bl errata_dsu_936184_wa bl errata_dsu_936184_wa
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment