From 3991a6a49f3cf8d0b30a2800428e60454e2f92dd Mon Sep 17 00:00:00 2001 From: Dimitris Papastamos <dimitris.papastamos@arm.com> Date: Mon, 12 Mar 2018 13:27:02 +0000 Subject: [PATCH] Use PFR0 to identify need for mitigation of CVE-2017-5715 If the CSV2 field reads as 1 then branch targets trained in one context cannot affect speculative execution in a different context. In that case skip the workaround on Cortex A72 and A73. Change-Id: Ide24fb6efc77c548e4296295adc38dca87d042ee Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com> --- include/lib/cpus/aarch64/cpu_macros.S | 15 +++++++++++++++ lib/cpus/aarch64/cortex_a72.S | 6 ++++++ lib/cpus/aarch64/cortex_a73.S | 6 ++++++ lib/cpus/aarch64/cortex_a75.S | 20 ++------------------ 4 files changed, 29 insertions(+), 18 deletions(-) diff --git a/include/lib/cpus/aarch64/cpu_macros.S b/include/lib/cpus/aarch64/cpu_macros.S index ccf530663..6c3a5b992 100644 --- a/include/lib/cpus/aarch64/cpu_macros.S +++ b/include/lib/cpus/aarch64/cpu_macros.S @@ -229,3 +229,18 @@ CPU_OPS_SIZE = . #endif #endif /* __CPU_MACROS_S__ */ + + /* + * This macro is used on some CPUs to detect if they are vulnerable + * to CVE-2017-5715. + */ + .macro cpu_check_csv2 _reg _label + mrs \_reg, id_aa64pfr0_el1 + ubfx \_reg, \_reg, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH + /* + * If the field equals to 1 then branch targets trained in one + * context cannot affect speculative execution in a different context. + */ + cmp \_reg, #1 + beq \_label + .endm diff --git a/lib/cpus/aarch64/cortex_a72.S b/lib/cpus/aarch64/cortex_a72.S index 9633aa8f5..199820ccd 100644 --- a/lib/cpus/aarch64/cortex_a72.S +++ b/lib/cpus/aarch64/cortex_a72.S @@ -98,12 +98,16 @@ func check_errata_859971 endfunc check_errata_859971 func check_errata_cve_2017_5715 + cpu_check_csv2 x0, 1f #if WORKAROUND_CVE_2017_5715 mov x0, #ERRATA_APPLIES #else mov x0, #ERRATA_MISSING #endif ret +1: + mov x0, #ERRATA_NOT_APPLIES + ret endfunc check_errata_cve_2017_5715 /* ------------------------------------------------- @@ -121,8 +125,10 @@ func cortex_a72_reset_func #endif #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 + cpu_check_csv2 x0, 1f adr x0, workaround_mmu_runtime_exceptions msr vbar_el3, x0 +1: #endif /* --------------------------------------------- diff --git a/lib/cpus/aarch64/cortex_a73.S b/lib/cpus/aarch64/cortex_a73.S index 11680a09d..63d16f9db 100644 --- a/lib/cpus/aarch64/cortex_a73.S +++ b/lib/cpus/aarch64/cortex_a73.S @@ -37,8 +37,10 @@ endfunc cortex_a73_disable_smp func cortex_a73_reset_func #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 + cpu_check_csv2 x0, 1f adr x0, workaround_bpiall_vbar0_runtime_exceptions msr vbar_el3, x0 +1: #endif /* --------------------------------------------- @@ -115,12 +117,16 @@ func cortex_a73_cluster_pwr_dwn endfunc cortex_a73_cluster_pwr_dwn func check_errata_cve_2017_5715 + cpu_check_csv2 x0, 1f #if WORKAROUND_CVE_2017_5715 mov x0, #ERRATA_APPLIES #else mov x0, #ERRATA_MISSING #endif ret +1: + mov x0, #ERRATA_NOT_APPLIES + ret endfunc check_errata_cve_2017_5715 #if REPORT_ERRATA diff --git a/lib/cpus/aarch64/cortex_a75.S b/lib/cpus/aarch64/cortex_a75.S index 12ea304d0..d10279516 100644 --- a/lib/cpus/aarch64/cortex_a75.S +++ b/lib/cpus/aarch64/cortex_a75.S @@ -12,15 +12,7 @@ func cortex_a75_reset_func #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 - mrs x0, id_aa64pfr0_el1 - ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH - /* - * If the field equals to 1 then branch targets trained in one - * context cannot affect speculative execution in a different context. - */ - cmp x0, #1 - beq 1f - + cpu_check_csv2 x0, 1f adr x0, workaround_bpiall_vbar0_runtime_exceptions msr vbar_el3, x0 1: @@ -53,15 +45,7 @@ func cortex_a75_reset_func endfunc cortex_a75_reset_func func check_errata_cve_2017_5715 - mrs x0, id_aa64pfr0_el1 - ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH - /* - * If the field equals to 1 then branch targets trained in one - * context cannot affect speculative execution in a different context. - */ - cmp x0, #1 - beq 1f - + cpu_check_csv2 x0, 1f #if WORKAROUND_CVE_2017_5715 mov x0, #ERRATA_APPLIES #else -- GitLab