aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSoby Mathew <soby.mathew@arm.com>2020-01-24 10:04:10 +0000
committerTrustedFirmware Code Review <review@review.trustedfirmware.org>2020-01-24 10:04:10 +0000
commit5f3ed6aaedac18d37980da13fd0d5ec49ef686fb (patch)
treeee2512633b33c9e207a36c140643d9e4ac609c7b
parent4e1b0b193cad14ad2d67819ab34b3fa58f2e5c04 (diff)
parentf461fe346b728d0e88142fd7b8f2816415af18bc (diff)
downloadtrusted-firmware-a-5f3ed6aaedac18d37980da13fd0d5ec49ef686fb.tar.gz
Merge "Prevent speculative execution past ERET" into integration
-rw-r--r--bl1/aarch64/bl1_exceptions.S4
-rw-r--r--bl2/aarch64/bl2_el3_entrypoint.S4
-rw-r--r--bl31/aarch64/runtime_exceptions.S2
-rw-r--r--bl32/tsp/aarch64/tsp_exceptions.S4
-rw-r--r--include/arch/aarch64/asm_macros.S11
-rw-r--r--lib/cpus/aarch64/cortex_a76.S4
-rw-r--r--lib/cpus/aarch64/neoverse_n1.S4
-rw-r--r--lib/cpus/aarch64/wa_cve_2017_5715_mmu.S4
-rw-r--r--lib/el3_runtime/aarch64/context.S2
-rw-r--r--plat/renesas/rcar/aarch64/plat_helpers.S4
-rw-r--r--services/std_svc/spm_mm/aarch64/spm_mm_shim_exceptions.S4
11 files changed, 28 insertions, 19 deletions
diff --git a/bl1/aarch64/bl1_exceptions.S b/bl1/aarch64/bl1_exceptions.S
index 9bba6eef3..9dc9e6cd5 100644
--- a/bl1/aarch64/bl1_exceptions.S
+++ b/bl1/aarch64/bl1_exceptions.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -202,7 +202,7 @@ debug_loop:
ldp x4, x5, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x20)]
ldp x2, x3, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x10)]
ldp x0, x1, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x0)]
- eret
+ exception_return
endfunc smc_handler64
unexpected_sync_exception:
diff --git a/bl2/aarch64/bl2_el3_entrypoint.S b/bl2/aarch64/bl2_el3_entrypoint.S
index f97121ef0..2ca6acf28 100644
--- a/bl2/aarch64/bl2_el3_entrypoint.S
+++ b/bl2/aarch64/bl2_el3_entrypoint.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -95,5 +95,5 @@ func bl2_run_next_image
ldp x4, x5, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x20)]
ldp x2, x3, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x10)]
ldp x0, x1, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x0)]
- eret
+ exception_return
endfunc bl2_run_next_image
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 51f5b7b34..7f739a9aa 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -456,7 +456,7 @@ smc_unknown:
smc_prohibited:
ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
mov x0, #SMC_UNK
- eret
+ exception_return
#if DEBUG
rt_svc_fw_critical_error:
diff --git a/bl32/tsp/aarch64/tsp_exceptions.S b/bl32/tsp/aarch64/tsp_exceptions.S
index ad4b64887..4c6a56a59 100644
--- a/bl32/tsp/aarch64/tsp_exceptions.S
+++ b/bl32/tsp/aarch64/tsp_exceptions.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -64,7 +64,7 @@
smc #0
interrupt_exit_\label:
restore_caller_regs_and_lr
- eret
+ exception_return
.endm
.globl tsp_exceptions
diff --git a/include/arch/aarch64/asm_macros.S b/include/arch/aarch64/asm_macros.S
index 79e0ad7f3..a7d5a3dd6 100644
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -218,4 +218,13 @@
ret
.endm
+ /*
+ * Macro for mitigating against speculative execution beyond ERET.
+ */
+ .macro exception_return
+ eret
+ dsb nsh
+ isb
+ .endm
+
#endif /* ASM_MACROS_S */
diff --git a/lib/cpus/aarch64/cortex_a76.S b/lib/cpus/aarch64/cortex_a76.S
index 868667ebc..baefa4676 100644
--- a/lib/cpus/aarch64/cortex_a76.S
+++ b/lib/cpus/aarch64/cortex_a76.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -85,7 +85,7 @@
bic x3, x2, #CORTEX_A76_CPUACTLR2_EL1_DISABLE_LOAD_PASS_STORE
csel x3, x3, x1, eq
msr CORTEX_A76_CPUACTLR2_EL1, x3
- eret /* ERET implies ISB */
+ exception_return /* exception_return contains ISB */
.endif
1:
/*
diff --git a/lib/cpus/aarch64/neoverse_n1.S b/lib/cpus/aarch64/neoverse_n1.S
index faf53a848..d058d98df 100644
--- a/lib/cpus/aarch64/neoverse_n1.S
+++ b/lib/cpus/aarch64/neoverse_n1.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -553,7 +553,7 @@ func neoverse_n1_errata_ic_trap_handler
*/
esb
#endif
- eret
+ exception_return
1:
ret
endfunc neoverse_n1_errata_ic_trap_handler
diff --git a/lib/cpus/aarch64/wa_cve_2017_5715_mmu.S b/lib/cpus/aarch64/wa_cve_2017_5715_mmu.S
index 9277cc624..5134ee3f1 100644
--- a/lib/cpus/aarch64/wa_cve_2017_5715_mmu.S
+++ b/lib/cpus/aarch64/wa_cve_2017_5715_mmu.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -48,7 +48,7 @@ vector_base wa_cve_2017_5715_mmu_vbar
ccmp w0, w1, #0, eq
/* Static predictor will predict a fall through */
bne 1f
- eret
+ exception_return
1:
.endif
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 1bbd61005..9bd25bac9 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -534,6 +534,6 @@ func el3_exit
*/
esb
#endif
- eret
+ exception_return
endfunc el3_exit
diff --git a/plat/renesas/rcar/aarch64/plat_helpers.S b/plat/renesas/rcar/aarch64/plat_helpers.S
index 61dd62287..138d98807 100644
--- a/plat/renesas/rcar/aarch64/plat_helpers.S
+++ b/plat/renesas/rcar/aarch64/plat_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2015-2019, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -189,7 +189,7 @@ func bl2_enter_bl31
ldp x0, x1, [x20, #ENTRY_POINT_INFO_PC_OFFSET]
msr elr_el3, x0
msr spsr_el3, x1
- eret
+ exception_return
endfunc bl2_enter_bl31
/* -----------------------------------------------------
diff --git a/services/std_svc/spm_mm/aarch64/spm_mm_shim_exceptions.S b/services/std_svc/spm_mm/aarch64/spm_mm_shim_exceptions.S
index dab615012..be4084cfb 100644
--- a/services/std_svc/spm_mm/aarch64/spm_mm_shim_exceptions.S
+++ b/services/std_svc/spm_mm/aarch64/spm_mm_shim_exceptions.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -87,7 +87,7 @@ vector_entry SynchronousExceptionA64, .spm_shim_exceptions
do_smc:
mrs x30, tpidr_el1
smc #0
- eret
+ exception_return
/* AArch64 system instructions trap are handled as a panic for now */
handle_sys_trap: