fix(pauth): emit isb after pauth key update
Following e7d7f326e1a262289ed:
Hypervisor/SPMC pointer authentication key restoration is missing an ISB
after the key update, so function instrumentation (PACIASP/AUTIASP) may
use the stale key value from before the PAuth key MSR update.
Change-Id: I52fe4fb76f23bbd79096962cc17d395ef5aa19cf
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
diff --git a/src/arch/aarch64/hypervisor/exceptions.S b/src/arch/aarch64/hypervisor/exceptions.S
index 7de43a8..41dd600 100644
--- a/src/arch/aarch64/hypervisor/exceptions.S
+++ b/src/arch/aarch64/hypervisor/exceptions.S
@@ -492,6 +492,7 @@
msr APDBKEYHI_EL1, xzr
msr APGAKEYLO_EL1, xzr
msr APGAKEYHI_EL1, xzr
+ /* Omit ISB as SMC following is a context synchronizing event. */
#endif
smc #0
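Review bot: The comment added above `#endif` before `smc #0` states unconditionally that the SMC is a context synchronizing event, but on cores implementing FEAT_ExS exception entry only synchronizes when the EIS bit in the target EL's SCTLR is set, and for an SMC that bit is owned by EL3 firmware. I would record the assumption in the comment, e.g. `/* Omit ISB: SMC exception entry is context synchronizing (assumes SCTLR_EL3.EIS == 1 when FEAT_ExS is implemented). */`. The same applies to the comment added after `msr APIAKEYHI_EL1, x2` in the second hunk of this file, where the relevant bit is SCTLR_EL2.EOS. In that hunk the ERET itself is outside the visible lines, so the comment should also say that no PAuth instruction or call into instrumented code may run between the key write and the ERET. Both enclosing routines start and end outside their hunks, so whether these conditions hold today cannot be confirmed from here.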
@@ -784,6 +785,7 @@
/* Restore vCPU APIA key. */
msr APIAKEYLO_EL1, x1
msr APIAKEYHI_EL1, x2
+ /* Omit ISB as ERET following is a context synchronizing event. */
#endif
ldp x4, x5, [x0, #VCPU_REGS + 8 * 4]
diff --git a/src/arch/aarch64/hypervisor/hypervisor_entry.S b/src/arch/aarch64/hypervisor/hypervisor_entry.S
index da90bec..a6b89a4 100644
--- a/src/arch/aarch64/hypervisor/hypervisor_entry.S
+++ b/src/arch/aarch64/hypervisor/hypervisor_entry.S
@@ -224,6 +224,12 @@
ldp x1, x2, [x1]
msr APIAKEYLO_EL1, x1
msr APIAKEYHI_EL1, x2
+
+ /*
+ * Emit ISB to ensure the pointer authentication key change takes
+ * effect before any pauth instruction is executed.
+ */
+ isb
#endif
/*