author | Madhukar Pappireddy <madhukar.pappireddy@arm.com> | 2022-05-12 20:24:10 +0200 |
---|---|---|
committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2022-05-12 20:24:10 +0200 |
commit | 15e498de74cbbc5f485f4af90593438b9b33baf9 (patch) | |
tree | 710976cb0b285b1cadc13fbe877cc1417a773e22 /lib | |
parent | 1d41fffff7ddccaf18176a45b2455ede7997a161 (diff) | |
parent | c2a15217c3053117f4d39233002cb1830fa96670 (diff) | |
download | trusted-firmware-a-15e498de74cbbc5f485f4af90593438b9b33baf9.tar.gz |
Merge "fix(security): workaround for CVE-2022-23960" into integration
Diffstat (limited to 'lib')
-rw-r--r-- | lib/cpus/aarch64/cortex_hunter.S | 38 | ||||
-rw-r--r-- | lib/cpus/aarch64/cortex_makalu.S | 38 | ||||
-rw-r--r-- | lib/cpus/aarch64/cortex_makalu_elp_arm.S | 52 | ||||
-rw-r--r-- | lib/cpus/aarch64/neoverse_demeter.S | 51 | ||||
-rw-r--r-- | lib/cpus/aarch64/neoverse_poseidon.S | 50 |
5 files changed, 204 insertions, 25 deletions
diff --git a/lib/cpus/aarch64/cortex_hunter.S b/lib/cpus/aarch64/cortex_hunter.S index 2ab4296153..973637e443 100644 --- a/lib/cpus/aarch64/cortex_hunter.S +++ b/lib/cpus/aarch64/cortex_hunter.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, Arm Limited. All rights reserved. + * Copyright (c) 2021-2022, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -10,6 +10,7 @@ #include <cortex_hunter.h> #include <cpu_macros.S> #include <plat_macros.S> +#include "wa_cve_2022_23960_bhb_vector.S" /* Hardware handled coherency */ #if HW_ASSISTED_COHERENCY == 0 @@ -21,9 +22,32 @@ #error "Cortex Hunter supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0" #endif +#if WORKAROUND_CVE_2022_23960 + wa_cve_2022_23960_bhb_vector_table CORTEX_HUNTER_BHB_LOOP_COUNT, cortex_hunter +#endif /* WORKAROUND_CVE_2022_23960 */ + +func check_errata_cve_2022_23960 +#if WORKAROUND_CVE_2022_23960 + mov x0, #ERRATA_APPLIES +#else + mov x0, #ERRATA_MISSING +#endif + ret +endfunc check_errata_cve_2022_23960 + func cortex_hunter_reset_func /* Disable speculative loads */ msr SSBS, xzr + +#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960 + /* + * The Cortex Hunter generic vectors are overridden to apply errata + * mitigation on exception entry from lower ELs. + */ + adr x0, wa_cve_vbar_cortex_hunter + msr vbar_el3, x0 +#endif /* IMAGE_BL31 && WORKAROUND_CVE_2022_23960 */ + isb ret endfunc cortex_hunter_reset_func @@ -49,6 +73,18 @@ endfunc cortex_hunter_core_pwr_dwn * Errata printing function for Cortex Hunter. Must follow AAPCS. */ func cortex_hunter_errata_report + stp x8, x30, [sp, #-16]! + + bl cpu_get_rev_var + mov x8, x0 + + /* + * Report all errata. The revision-variant information is passed to + * checking functions of each errata. + */ + report_errata WORKAROUND_CVE_2022_23960, cortex_hunter, cve_2022_23960 + + ldp x8, x30, [sp], #16 ret endfunc cortex_hunter_errata_report #endif 
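Review bot: In the `@@ -21,9 +22,32 @@` hunk the mitigated vector table is emitted under `#if WORKAROUND_CVE_2022_23960`, but cortex_hunter_reset_func installs it only under `#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960`, and `check_errata_cve_2022_23960` answers from the build flag alone, ignoring the revision-variant passed in x0. In an image other than BL31 the status handed to the errata report would therefore be ERRATA_APPLIES although VBAR_EL3 was never switched to `wa_cve_vbar_cortex_hunter`. I would either gate the table with the same condition, `#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960`, or add a comment above the check function such as `/* Reflects build configuration only: applies to every revision, does not test that VBAR_EL3 was switched. */`. The macro body lives in wa_cve_2022_23960_bhb_vector.S, outside this diff, so what it emits in other images is an assumption to confirm. The same pattern repeats in cortex_makalu.S, cortex_makalu_elp_arm.S, neoverse_demeter.S and neoverse_poseidon.S.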
diff --git a/lib/cpus/aarch64/cortex_makalu.S b/lib/cpus/aarch64/cortex_makalu.S index 98c7d6dfc7..7603210c5e 100644 --- a/lib/cpus/aarch64/cortex_makalu.S +++ b/lib/cpus/aarch64/cortex_makalu.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, Arm Limited. All rights reserved. + * Copyright (c) 2021-2022, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -10,6 +10,7 @@ #include <cortex_makalu.h> #include <cpu_macros.S> #include <plat_macros.S> +#include "wa_cve_2022_23960_bhb_vector.S" /* Hardware handled coherency */ #if HW_ASSISTED_COHERENCY == 0 @@ -21,9 +22,32 @@ #error "Cortex Makalu supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0" #endif +#if WORKAROUND_CVE_2022_23960 + wa_cve_2022_23960_bhb_vector_table CORTEX_MAKALU_BHB_LOOP_COUNT, cortex_makalu +#endif /* WORKAROUND_CVE_2022_23960 */ + +func check_errata_cve_2022_23960 +#if WORKAROUND_CVE_2022_23960 + mov x0, #ERRATA_APPLIES +#else + mov x0, #ERRATA_MISSING +#endif + ret +endfunc check_errata_cve_2022_23960 + func cortex_makalu_reset_func /* Disable speculative loads */ msr SSBS, xzr + +#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960 + /* + * The Cortex Makalu generic vectors are overridden to apply errata + * mitigation on exception entry from lower ELs. + */ + adr x0, wa_cve_vbar_cortex_makalu + msr vbar_el3, x0 +#endif /* IMAGE_BL31 && WORKAROUND_CVE_2022_23960 */ + isb ret endfunc cortex_makalu_reset_func @@ -49,6 +73,18 @@ endfunc cortex_makalu_core_pwr_dwn * Errata printing function for Cortex Makalu. Must follow AAPCS. */ func cortex_makalu_errata_report + stp x8, x30, [sp, #-16]! + + bl cpu_get_rev_var + mov x8, x0 + + /* + * Report all errata. The revision-variant information is passed to + * checking functions of each errata. + */ + report_errata WORKAROUND_CVE_2022_23960, cortex_makalu, cve_2022_23960 + + ldp x8, x30, [sp], #16 ret endfunc cortex_makalu_errata_report #endif 
diff --git a/lib/cpus/aarch64/cortex_makalu_elp_arm.S b/lib/cpus/aarch64/cortex_makalu_elp_arm.S index fbbf205010..f4d2df09c2 100644 --- a/lib/cpus/aarch64/cortex_makalu_elp_arm.S +++ b/lib/cpus/aarch64/cortex_makalu_elp_arm.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, Arm Limited. All rights reserved. + * Copyright (c) 2021-2022, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -10,6 +10,7 @@ #include <cortex_makalu_elp_arm.h> #include <cpu_macros.S> #include <plat_macros.S> +#include "wa_cve_2022_23960_bhb_vector.S" /* Hardware handled coherency */ #if HW_ASSISTED_COHERENCY == 0 @@ -21,6 +22,10 @@ #error "Cortex Makalu ELP supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0" #endif +#if WORKAROUND_CVE_2022_23960 + wa_cve_2022_23960_bhb_vector_table CORTEX_MAKALU_ELP_ARM_BHB_LOOP_COUNT, cortex_makalu_elp_arm +#endif /* WORKAROUND_CVE_2022_23960 */ + /* ---------------------------------------------------- * HW will do the cache maintenance while powering down * ---------------------------------------------------- 
@@ -37,22 +42,53 @@ func cortex_makalu_elp_arm_core_pwr_dwn ret endfunc cortex_makalu_elp_arm_core_pwr_dwn -#if REPORT_ERRATA -/* - * Errata printing function for Cortex Makalu ELP. Must follow AAPCS. - */ -func cortex_makalu_elp_arm_errata_report - ret -endfunc cortex_makalu_elp_arm_errata_report +func check_errata_cve_2022_23960 +#if WORKAROUND_CVE_2022_23960 + mov x0, #ERRATA_APPLIES +#else + mov x0, #ERRATA_MISSING #endif + ret +endfunc check_errata_cve_2022_23960 func cortex_makalu_elp_arm_reset_func /* Disable speculative loads */ msr SSBS, xzr + +#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960 + /* + * The Cortex Makalu ELP generic vectors are overridden to apply + * errata mitigation on exception entry from lower ELs. + */ + adr x0, wa_cve_vbar_cortex_makalu_elp_arm + msr vbar_el3, x0 +#endif /* IMAGE_BL31 && WORKAROUND_CVE_2022_23960 */ + isb ret endfunc cortex_makalu_elp_arm_reset_func +#if REPORT_ERRATA +/* + * Errata printing function for Cortex Makalu ELP. Must follow AAPCS. + */ +func cortex_makalu_elp_arm_errata_report + stp x8, x30, [sp, #-16]! + + bl cpu_get_rev_var + mov x8, x0 + + /* + * Report all errata. The revision-variant information is passed to + * checking functions of each errata. + */ + report_errata WORKAROUND_CVE_2022_23960, cortex_makalu_elp_arm, cve_2022_23960 + + ldp x8, x30, [sp], #16 + ret +endfunc cortex_makalu_elp_arm_errata_report +#endif + /* --------------------------------------------- * This function provides Cortex Makalu ELP- * specific register information for crash diff --git a/lib/cpus/aarch64/neoverse_demeter.S b/lib/cpus/aarch64/neoverse_demeter.S index f43c18b6b2..41cb4ee466 100644 --- a/lib/cpus/aarch64/neoverse_demeter.S +++ b/lib/cpus/aarch64/neoverse_demeter.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, Arm Limited. All rights reserved. + * Copyright (c) 2021-2022, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ 
@@ -10,6 +10,7 @@ #include <neoverse_demeter.h> #include <cpu_macros.S> #include <plat_macros.S> +#include "wa_cve_2022_23960_bhb_vector.S" /* Hardware handled coherency */ #if HW_ASSISTED_COHERENCY == 0 @@ -21,6 +22,10 @@ #error "Neoverse Demeter supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0" #endif +#if WORKAROUND_CVE_2022_23960 + wa_cve_2022_23960_bhb_vector_table NEOVERSE_DEMETER_BHB_LOOP_COUNT, neoverse_demeter +#endif /* WORKAROUND_CVE_2022_23960 */ + /* ---------------------------------------------------- * HW will do the cache maintenance while powering down * ---------------------------------------------------- 
@@ -37,22 +42,52 @@ func neoverse_demeter_core_pwr_dwn ret endfunc neoverse_demeter_core_pwr_dwn -#if REPORT_ERRATA -/* - * Errata printing function for Neoverse Demeter. Must follow AAPCS. - */ -func neoverse_demeter_errata_report - ret -endfunc neoverse_demeter_errata_report +func check_errata_cve_2022_23960 +#if WORKAROUND_CVE_2022_23960 + mov x0, #ERRATA_APPLIES +#else + mov x0, #ERRATA_MISSING #endif + ret +endfunc check_errata_cve_2022_23960 func neoverse_demeter_reset_func /* Disable speculative loads */ msr SSBS, xzr + +#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960 + /* + * The Neoverse Demeter vectors are overridden to apply + * errata mitigation on exception entry from lower ELs. + */ + adr x0, wa_cve_vbar_neoverse_demeter + msr vbar_el3, x0 +#endif /* IMAGE_BL31 && WORKAROUND_CVE_2022_23960 */ isb ret endfunc neoverse_demeter_reset_func +#if REPORT_ERRATA +/* + * Errata printing function for Neoverse Demeter. Must follow AAPCS. + */ +func neoverse_demeter_errata_report + stp x8, x30, [sp, #-16]! + + bl cpu_get_rev_var + mov x8, x0 + + /* + * Report all errata. The revision-variant information is passed to + * checking functions of each errata. + */ + report_errata WORKAROUND_CVE_2022_23960, neoverse_demeter, cve_2022_23960 + + ldp x8, x30, [sp], #16 + ret +endfunc neoverse_demeter_errata_report +#endif + /* --------------------------------------------- * This function provides Neoverse Demeter- * specific register information for crash diff --git a/lib/cpus/aarch64/neoverse_poseidon.S b/lib/cpus/aarch64/neoverse_poseidon.S index 43a93aa3c1..030293da0e 100644 --- a/lib/cpus/aarch64/neoverse_poseidon.S +++ b/lib/cpus/aarch64/neoverse_poseidon.S @@ -10,6 +10,7 @@ #include <neoverse_poseidon.h> #include <cpu_macros.S> #include <plat_macros.S> +#include "wa_cve_2022_23960_bhb_vector.S" /* Hardware handled coherency */ #if HW_ASSISTED_COHERENCY == 0 
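Review bot: In neoverse_demeter_reset_func the added comment reads "The Neoverse Demeter vectors are overridden", dropping the word "generic" that the four sibling files use, and the blank line before `isb` is missing, so this copy drifts from the others for no functional reason. Since the five reset functions are otherwise identical, keeping the text uniform, e.g. `* The Neoverse Demeter generic vectors are overridden to apply`, makes later tree-wide edits to the CVE-2022-23960 block easier to apply and audit.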
@@ -21,6 +22,10 @@ #error "Neoverse Poseidon supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0" #endif +#if WORKAROUND_CVE_2022_23960 + wa_cve_2022_23960_bhb_vector_table NEOVERSE_POSEIDON_BHB_LOOP_COUNT, neoverse_poseidon +#endif /* WORKAROUND_CVE_2022_23960 */ + /* --------------------------------------------- * HW will do the cache maintenance while powering down * --------------------------------------------- @@ -37,22 +42,53 @@ func neoverse_poseidon_core_pwr_dwn ret endfunc neoverse_poseidon_core_pwr_dwn -#if REPORT_ERRATA - /* - * Errata printing function for Neoverse Poseidon. Must follow AAPCS. - */ -func neoverse_poseidon_errata_report - ret -endfunc neoverse_poseidon_errata_report +func check_errata_cve_2022_23960 +#if WORKAROUND_CVE_2022_23960 + mov x0, #ERRATA_APPLIES +#else + mov x0, #ERRATA_MISSING #endif + ret +endfunc check_errata_cve_2022_23960 func neoverse_poseidon_reset_func /* Disable speculative loads */ msr SSBS, xzr + +#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960 + /* + * The Neoverse Poseidon generic vectors are overridden to apply + * errata mitigation on exception entry from lower ELs. + */ + adr x0, wa_cve_vbar_neoverse_poseidon + msr vbar_el3, x0 +#endif /* IMAGE_BL31 && WORKAROUND_CVE_2022_23960 */ + isb ret endfunc neoverse_poseidon_reset_func +#if REPORT_ERRATA + /* + * Errata printing function for Neoverse Poseidon. Must follow AAPCS. + */ +func neoverse_poseidon_errata_report + stp x8, x30, [sp, #-16]! + + bl cpu_get_rev_var + mov x8, x0 + + /* + * Report all errata. The revision-variant information is passed to + * checking functions of each errata. + */ + report_errata WORKAROUND_CVE_2022_23960, neoverse_poseidon, cve_2022_23960 + + ldp x8, x30, [sp], #16 + ret +endfunc neoverse_poseidon_errata_report +#endif + /* --------------------------------------------- * This function provides Neoverse-Poseidon specific * register information for crash reporting. |