Merge pull request #1305 from dp-arm/dp/smccc

Implement support for v1.2 of firmware interfaces spec (ARM DEN 0070A)

Merge pull request #1305 from dp-arm/dp/smccc
Implement support for v1.2 of firmware interfaces spec (ARM DEN 0070A)
6dd74c5b · davidcunado-arm · GitHub · 16b05e94 · a205a56e · 6dd74c5b
Unverified Commit 6dd74c5b authored Mar 14, 2018 by davidcunado-arm Committed by GitHub Mar 14, 2018
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -61,8 +61,8 @@ BL31_SOURCES		+=	lib/extensions/sve/sve.c
 endif
 ifeq (${WORKAROUND_CVE_2017_5715},1)
-BL31_SOURCES		+=	lib/cpus/aarch64/workaround_cve_2017_5715_mmu.S		\
+BL31_SOURCES		+=	lib/cpus/aarch64/workaround_cve_2017_5715_bpiall.S	\
-				lib/cpus/aarch64/workaround_cve_2017_5715_bpiall.S
+				lib/cpus/aarch64/workaround_cve_2017_5715_mmu.S
 endif
 BL31_LINKERFILE		:=	bl31/bl31.ld.S

--- a/include/lib/cpus/aarch64/cpu_macros.S
+++ b/include/lib/cpus/aarch64/cpu_macros.S
 /*
- * Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -46,6 +46,8 @@ CPU_MIDR: /* cpu_ops midr */
 CPU_RESET_FUNC: /* cpu_ops reset_func */
 	.space  8
 #endif
+CPU_EXTRA1_FUNC:
+	.space	8
 #ifdef IMAGE_BL31 /* The power down core and cluster is needed only in BL31 */
 CPU_PWR_DWN_OPS: /* cpu_ops power down functions */
 	.space  (8 * CPU_MAX_PWR_DWN_OPS)
@@ -113,6 +115,10 @@ CPU_OPS_SIZE = .
 	 * _resetfunc:
 	 *	Reset function for the CPU. If there's no CPU reset function,
 	 *	specify CPU_NO_RESET_FUNC
+	 * _extra1:
+	 *	This is a placeholder for future per CPU operations.  Currently,
+	 *	some CPUs use this entry to set a test function to determine if
+	 *	the workaround for CVE-2017-5715 needs to be applied or not.
 	 * _power_down_ops:
 	 *	Comma-separated list of functions to perform power-down
 	 *	operatios on the CPU. At least one, and up to
@@ -122,8 +128,8 @@ CPU_OPS_SIZE = .
 	 *	CPU_MAX_PWR_DWN_OPS functions, the last specified one will be
 	 *	used to handle power down at subsequent levels
 	 */
-	.macro declare_cpu_ops _name:req, _midr:req, _resetfunc:req, \
+	.macro declare_cpu_ops_base _name:req, _midr:req, _resetfunc:req, \
-		_power_down_ops:vararg
+		_extra1:req, _power_down_ops:vararg
 	.section cpu_ops, "a"
 	.align 3
 	.type cpu_ops_\_name, %object
@@ -131,6 +137,7 @@ CPU_OPS_SIZE = .
 #if defined(IMAGE_AT_EL3)
 	.quad \_resetfunc
 #endif
+	.quad \_extra1
 #ifdef IMAGE_BL31
 1:
 	/* Insert list of functions */
@@ -187,6 +194,18 @@ CPU_OPS_SIZE = .
 #endif
 	.endm
+	.macro declare_cpu_ops _name:req, _midr:req, _resetfunc:req, \
+		_power_down_ops:vararg
+		declare_cpu_ops_base \_name, \_midr, \_resetfunc, 0, \
+			\_power_down_ops
+	.endm
+	.macro declare_cpu_ops_workaround_cve_2017_5715 _name:req, _midr:req, \
+		_resetfunc:req, _extra1:req, _power_down_ops:vararg
+		declare_cpu_ops_base \_name, \_midr, \_resetfunc, \
+			\_extra1, \_power_down_ops
+	.endm
 #if REPORT_ERRATA
 	/*
 	 * Print status of a CPU errata
@@ -229,3 +248,18 @@ CPU_OPS_SIZE = .
 #endif
 #endif /* __CPU_MACROS_S__ */
+	/*
+	 * This macro is used on some CPUs to detect if they are vulnerable
+	 * to CVE-2017-5715.
+	 */
+	.macro	cpu_check_csv2 _reg _label
+	mrs	\_reg, id_aa64pfr0_el1
+	ubfx	\_reg, \_reg, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
+	/*
+	 * If the field equals to 1 then branch targets trained in one
+	 * context cannot affect speculative execution in a different context.
+	 */
+	cmp	\_reg, #1
+	beq	\_label
+	.endm
--- a/include/lib/cpus/workaround_cve_2017_5715.h
+++ b/include/lib/cpus/workaround_cve_2017_5715.h
+/*
+ * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#ifndef __WORKAROUND_CVE_2017_5715_H__
+#define __WORKAROUND_CVE_2017_5715_H__
+int check_workaround_cve_2017_5715(void);
+#endif /* __WORKAROUND_CVE_2017_5715_H__ */
--- a/lib/cpus/aarch64/cortex_a57.S
+++ b/lib/cpus/aarch64/cortex_a57.S
@@ -555,8 +555,8 @@ func cortex_a57_cpu_reg_dump
 	ret
 endfunc cortex_a57_cpu_reg_dump
+declare_cpu_ops_workaround_cve_2017_5715 cortex_a57, CORTEX_A57_MIDR, \
-declare_cpu_ops cortex_a57, CORTEX_A57_MIDR, \
 	cortex_a57_reset_func, \
+	check_errata_cve_2017_5715, \
 	cortex_a57_core_pwr_dwn, \
 	cortex_a57_cluster_pwr_dwn
--- a/lib/cpus/aarch64/cortex_a72.S
+++ b/lib/cpus/aarch64/cortex_a72.S
@@ -98,12 +98,16 @@ func check_errata_859971
 endfunc check_errata_859971
 func check_errata_cve_2017_5715
+	cpu_check_csv2	x0, 1f
 #if WORKAROUND_CVE_2017_5715
 	mov	x0, #ERRATA_APPLIES
 #else
 	mov	x0, #ERRATA_MISSING
 #endif
 	ret
+1:
+	mov	x0, #ERRATA_NOT_APPLIES
+	ret
 endfunc check_errata_cve_2017_5715
 	/* -------------------------------------------------
@@ -121,8 +125,10 @@ func cortex_a72_reset_func
 #endif
 #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
+	cpu_check_csv2	x0, 1f
 	adr	x0, workaround_mmu_runtime_exceptions
 	msr	vbar_el3, x0
+1:
 #endif
 	/* ---------------------------------------------
@@ -286,8 +292,8 @@ func cortex_a72_cpu_reg_dump
 	ret
 endfunc cortex_a72_cpu_reg_dump
+declare_cpu_ops_workaround_cve_2017_5715 cortex_a72, CORTEX_A72_MIDR, \
-declare_cpu_ops cortex_a72, CORTEX_A72_MIDR, \
 	cortex_a72_reset_func, \
+	check_errata_cve_2017_5715, \
 	cortex_a72_core_pwr_dwn, \
 	cortex_a72_cluster_pwr_dwn
--- a/lib/cpus/aarch64/cortex_a73.S
+++ b/lib/cpus/aarch64/cortex_a73.S
@@ -37,8 +37,10 @@ endfunc cortex_a73_disable_smp
 func cortex_a73_reset_func
 #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
+	cpu_check_csv2	x0, 1f
 	adr	x0, workaround_bpiall_vbar0_runtime_exceptions
 	msr	vbar_el3, x0
+1:
 #endif
 	/* ---------------------------------------------
@@ -115,12 +117,16 @@ func cortex_a73_cluster_pwr_dwn
 endfunc cortex_a73_cluster_pwr_dwn
 func check_errata_cve_2017_5715
+	cpu_check_csv2	x0, 1f
 #if WORKAROUND_CVE_2017_5715
 	mov	x0, #ERRATA_APPLIES
 #else
 	mov	x0, #ERRATA_MISSING
 #endif
 	ret
+1:
+	mov	x0, #ERRATA_NOT_APPLIES
+	ret
 endfunc check_errata_cve_2017_5715
 #if REPORT_ERRATA
@@ -164,7 +170,8 @@ func cortex_a73_cpu_reg_dump
 	ret
 endfunc cortex_a73_cpu_reg_dump
-declare_cpu_ops cortex_a73, CORTEX_A73_MIDR, \
+declare_cpu_ops_workaround_cve_2017_5715 cortex_a73, CORTEX_A73_MIDR, \
 	cortex_a73_reset_func, \
+	check_errata_cve_2017_5715, \
 	cortex_a73_core_pwr_dwn, \
 	cortex_a73_cluster_pwr_dwn
--- a/lib/cpus/aarch64/cortex_a75.S
+++ b/lib/cpus/aarch64/cortex_a75.S
@@ -12,15 +12,7 @@
 func cortex_a75_reset_func
 #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
-	mrs	x0, id_aa64pfr0_el1
+	cpu_check_csv2	x0, 1f
-	ubfx	x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
-	/*
-	 * If the field equals to 1 then branch targets trained in one
-	 * context cannot affect speculative execution in a different context.
-	 */
-	cmp	x0, #1
-	beq	1f
 	adr	x0, workaround_bpiall_vbar0_runtime_exceptions
 	msr	vbar_el3, x0
 1:
@@ -53,15 +45,7 @@ func cortex_a75_reset_func
 endfunc cortex_a75_reset_func
 func check_errata_cve_2017_5715
-	mrs	x0, id_aa64pfr0_el1
+	cpu_check_csv2	x0, 1f
-	ubfx	x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
-	/*
-	 * If the field equals to 1 then branch targets trained in one
-	 * context cannot affect speculative execution in a different context.
-	 */
-	cmp	x0, #1
-	beq	1f
 #if WORKAROUND_CVE_2017_5715
 	mov	x0, #ERRATA_APPLIES
 #else
@@ -129,6 +113,7 @@ func cortex_a75_cpu_reg_dump
 	ret
 endfunc cortex_a75_cpu_reg_dump
-declare_cpu_ops cortex_a75, CORTEX_A75_MIDR, \
+declare_cpu_ops_workaround_cve_2017_5715 cortex_a75, CORTEX_A75_MIDR, \
 	cortex_a75_reset_func, \
+	check_errata_cve_2017_5715, \
 	cortex_a75_core_pwr_dwn
--- a/lib/cpus/aarch64/cpu_helpers.S
+++ b/lib/cpus/aarch64/cpu_helpers.S
 /*
- * Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -7,9 +7,7 @@
 #include <arch.h>
 #include <asm_macros.S>
 #include <assert_macros.S>
-#if defined(IMAGE_BL31) || (defined(IMAGE_BL2) && BL2_AT_EL3)
 #include <cpu_data.h>
-#endif
 #include <cpu_macros.S>
 #include <debug.h>
 #include <errata_report.h>
@@ -281,3 +279,36 @@ func print_errata_status
 	br	x1
 endfunc print_errata_status
 #endif
+/*
+ * int check_workaround_cve_2017_5715(void);
+ *
+ * This function returns:
+ *  - ERRATA_APPLIES when firmware mitigation is required.
+ *  - ERRATA_NOT_APPLIES when firmware mitigation is _not_ required.
+ *  - ERRATA_MISSING when firmware mitigation would be required but
+ *    is not compiled in.
+ *
+ * NOTE: Must be called only after cpu_ops have been initialized
+ *       in per-CPU data.
+ */
+	.globl	check_workaround_cve_2017_5715
+func check_workaround_cve_2017_5715
+	mrs	x0, tpidr_el3
+#if ENABLE_ASSERTIONS
+	cmp	x0, #0
+	ASM_ASSERT(ne)
+#endif
+	ldr	x0, [x0, #CPU_DATA_CPU_OPS_PTR]
+	ldr	x0, [x0, #CPU_EXTRA1_FUNC]
+	/*
+	 * If the reserved function pointer is NULL, this CPU
+	 * is unaffected by CVE-2017-5715 so bail out.
+	 */
+	cmp	x0, #0
+	beq	1f
+	br	x0
+1:
+	mov	x0, #ERRATA_NOT_APPLIES
+	ret
+endfunc check_workaround_cve_2017_5715
--- a/services/arm_arch_svc/arm_arch_svc_setup.c
+++ b/services/arm_arch_svc/arm_arch_svc_setup.c
@@ -6,9 +6,11 @@
 #include <arm_arch_svc.h>
 #include <debug.h>
+#include <errata_report.h>
 #include <runtime_svc.h>
 #include <smcc.h>
 #include <smcc_helpers.h>
+#include <workaround_cve_2017_5715.h>
 static int32_t smccc_version(void)
 {
@@ -17,14 +19,19 @@ static int32_t smccc_version(void)
 static int32_t smccc_arch_features(u_register_t arg)
 {
+	int ret;
 	switch (arg) {
 	case SMCCC_VERSION:
 	case SMCCC_ARCH_FEATURES:
 		return SMC_OK;
-#if WORKAROUND_CVE_2017_5715
 	case SMCCC_ARCH_WORKAROUND_1:
-		return SMC_OK;
+		ret = check_workaround_cve_2017_5715();
-#endif
+		if (ret == ERRATA_APPLIES)
+			return 0;
+		else if (ret == ERRATA_NOT_APPLIES)
+			return 1;
+		return -1; /* ERRATA_MISSING */
 	default:
 		return SMC_UNK;
 	}