TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / arthur / trustedfirmware-a / 3e4d94c43b64c66b2aa5f8108f5b9fe13c2ceb82^! / .
commit3e4d94c43b64c66b2aa5f8108f5b9fe13c2ceb82[log] [tgz]
authorArvind Ram Prakash <arvind.ramprakash@arm.com>Fri Sep 06 12:19:59 2024 -0500
committerYann Gautier <yann.gautier@st.com>Fri Feb 07 18:32:03 2025 +0100
treebc140d01ccc908cc41b5bbbae8d7a43e4f027fb8
parent41a52efd6f38920e90e19f42d7193d261e6ab209 [diff]
fix(security): add CVE-2024-7881 mitigation to Cortex-X925

This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Cortex-X925 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I53e72e4dbc8937cea3c344a5ba04664c50a0792a
(cherry picked from commit 520c2207b96d31adf508edc068bb97cd01d98da4)

diff --git a/include/lib/cpus/aarch64/cortex_x925.h b/include/lib/cpus/aarch64/cortex_x925.h
index b0d0ca4..ecbbb59 100644
--- a/include/lib/cpus/aarch64/cortex_x925.h
+++ b/include/lib/cpus/aarch64/cortex_x925.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2025, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -21,4 +21,9 @@
 #define CORTEX_X925_CPUPWRCTLR_EL1				S3_0_C15_C2_7
 #define CORTEX_X925_CPUPWRCTLR_EL1_CORE_PWRDN_BIT		U(1)
 
+/*******************************************************************************
+ * CPU Auxiliary control register 6 specific definitions
+ ******************************************************************************/
+#define CORTEX_X925_CPUACTLR6_EL1                                S3_0_C15_C8_1
+
 #endif /* CORTEX_X925_H */

diff --git a/lib/cpus/aarch64/cortex_x925.S b/lib/cpus/aarch64/cortex_x925.S
index 3a31664..c76c821 100644
--- a/lib/cpus/aarch64/cortex_x925.S
+++ b/lib/cpus/aarch64/cortex_x925.S

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2025, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -28,6 +28,17 @@
 
 check_erratum_ls cortex_x925, CVE(2024, 5660), CPU_REV(0, 1)
 
+workaround_reset_start cortex_x925, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+	/* ---------------------------------
+         * Sets BIT41 of CPUACTLR6_EL1 which
+         * disables L1 Data cache prefetcher
+         * ---------------------------------
+         */
+	sysreg_bit_set CORTEX_X925_CPUACTLR6_EL1, BIT(41)
+workaround_reset_end cortex_x925, CVE(2024, 7881)
+
+check_erratum_chosen cortex_x925, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
+
 cpu_reset_func_start cortex_x925
 	/* Disable speculative loads */
 	msr	SSBS, xzr