aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDimitris Papastamos <dimitris.papastamos@arm.com>2018-03-12 13:27:02 +0000
committerDimitris Papastamos <dimitris.papastamos@arm.com>2018-03-14 11:15:44 +0000
commit3991a6a49f3cf8d0b30a2800428e60454e2f92dd (patch)
tree8af432a51fa27ca1dc415bffee189d50b03ce2c9
parent16b05e94a2d1757cbb98de068c662d58a6919613 (diff)
downloadtrusted-firmware-a-3991a6a49f3cf8d0b30a2800428e60454e2f92dd.tar.gz
Use PFR0 to identify need for mitigation of CVE-2017-5715
If the CSV2 field reads as 1 then branch targets trained in one context cannot affect speculative execution in a different context. In that case skip the workaround on Cortex A72 and A73. Change-Id: Ide24fb6efc77c548e4296295adc38dca87d042ee Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
-rw-r--r--include/lib/cpus/aarch64/cpu_macros.S15
-rw-r--r--lib/cpus/aarch64/cortex_a72.S6
-rw-r--r--lib/cpus/aarch64/cortex_a73.S6
-rw-r--r--lib/cpus/aarch64/cortex_a75.S20
4 files changed, 29 insertions, 18 deletions
diff --git a/include/lib/cpus/aarch64/cpu_macros.S b/include/lib/cpus/aarch64/cpu_macros.S
index ccf530663c..6c3a5b992f 100644
--- a/include/lib/cpus/aarch64/cpu_macros.S
+++ b/include/lib/cpus/aarch64/cpu_macros.S
@@ -229,3 +229,18 @@ CPU_OPS_SIZE = .
#endif
#endif /* __CPU_MACROS_S__ */
+
+ /*
+ * This macro is used on some CPUs to detect if they are vulnerable
+ * to CVE-2017-5715.
+ */
+ .macro cpu_check_csv2 _reg _label
+ mrs \_reg, id_aa64pfr0_el1
+ ubfx \_reg, \_reg, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
+ /*
+ * If the field equals to 1 then branch targets trained in one
+ * context cannot affect speculative execution in a different context.
+ */
+ cmp \_reg, #1
+ beq \_label
+ .endm
diff --git a/lib/cpus/aarch64/cortex_a72.S b/lib/cpus/aarch64/cortex_a72.S
index 9633aa8f54..199820ccd3 100644
--- a/lib/cpus/aarch64/cortex_a72.S
+++ b/lib/cpus/aarch64/cortex_a72.S
@@ -98,12 +98,16 @@ func check_errata_859971
endfunc check_errata_859971
func check_errata_cve_2017_5715
+ cpu_check_csv2 x0, 1f
#if WORKAROUND_CVE_2017_5715
mov x0, #ERRATA_APPLIES
#else
mov x0, #ERRATA_MISSING
#endif
ret
+1:
+ mov x0, #ERRATA_NOT_APPLIES
+ ret
endfunc check_errata_cve_2017_5715
/* -------------------------------------------------
@@ -121,8 +125,10 @@ func cortex_a72_reset_func
#endif
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
+ cpu_check_csv2 x0, 1f
adr x0, workaround_mmu_runtime_exceptions
msr vbar_el3, x0
+1:
#endif
/* ---------------------------------------------
diff --git a/lib/cpus/aarch64/cortex_a73.S b/lib/cpus/aarch64/cortex_a73.S
index 11680a09dd..63d16f9db1 100644
--- a/lib/cpus/aarch64/cortex_a73.S
+++ b/lib/cpus/aarch64/cortex_a73.S
@@ -37,8 +37,10 @@ endfunc cortex_a73_disable_smp
func cortex_a73_reset_func
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
+ cpu_check_csv2 x0, 1f
adr x0, workaround_bpiall_vbar0_runtime_exceptions
msr vbar_el3, x0
+1:
#endif
/* ---------------------------------------------
@@ -115,12 +117,16 @@ func cortex_a73_cluster_pwr_dwn
endfunc cortex_a73_cluster_pwr_dwn
func check_errata_cve_2017_5715
+ cpu_check_csv2 x0, 1f
#if WORKAROUND_CVE_2017_5715
mov x0, #ERRATA_APPLIES
#else
mov x0, #ERRATA_MISSING
#endif
ret
+1:
+ mov x0, #ERRATA_NOT_APPLIES
+ ret
endfunc check_errata_cve_2017_5715
#if REPORT_ERRATA
diff --git a/lib/cpus/aarch64/cortex_a75.S b/lib/cpus/aarch64/cortex_a75.S
index 12ea304d00..d102795167 100644
--- a/lib/cpus/aarch64/cortex_a75.S
+++ b/lib/cpus/aarch64/cortex_a75.S
@@ -12,15 +12,7 @@
func cortex_a75_reset_func
#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
- mrs x0, id_aa64pfr0_el1
- ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
- /*
- * If the field equals to 1 then branch targets trained in one
- * context cannot affect speculative execution in a different context.
- */
- cmp x0, #1
- beq 1f
-
+ cpu_check_csv2 x0, 1f
adr x0, workaround_bpiall_vbar0_runtime_exceptions
msr vbar_el3, x0
1:
@@ -53,15 +45,7 @@ func cortex_a75_reset_func
endfunc cortex_a75_reset_func
func check_errata_cve_2017_5715
- mrs x0, id_aa64pfr0_el1
- ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
- /*
- * If the field equals to 1 then branch targets trained in one
- * context cannot affect speculative execution in a different context.
- */
- cmp x0, #1
- beq 1f
-
+ cpu_check_csv2 x0, 1f
#if WORKAROUND_CVE_2017_5715
mov x0, #ERRATA_APPLIES
#else