From 3991a6a49f3cf8d0b30a2800428e60454e2f92dd Mon Sep 17 00:00:00 2001 From: Dimitris Papastamos Date: Mon, 12 Mar 2018 13:27:02 +0000 Subject: Use PFR0 to identify need for mitigation of CVE-2017-5715 If the CSV2 field reads as 1 then branch targets trained in one context cannot affect speculative execution in a different context. In that case skip the workaround on Cortex A72 and A73. Change-Id: Ide24fb6efc77c548e4296295adc38dca87d042ee Signed-off-by: Dimitris Papastamos --- lib/cpus/aarch64/cortex_a72.S | 6 ++++++ lib/cpus/aarch64/cortex_a73.S | 6 ++++++ lib/cpus/aarch64/cortex_a75.S | 20 ++------------------ 3 files changed, 14 insertions(+), 18 deletions(-) (limited to 'lib') diff --git a/lib/cpus/aarch64/cortex_a72.S b/lib/cpus/aarch64/cortex_a72.S index 9633aa8f..199820cc 100644 --- a/lib/cpus/aarch64/cortex_a72.S +++ b/lib/cpus/aarch64/cortex_a72.S @@ -98,12 +98,16 @@ func check_errata_859971 endfunc check_errata_859971 func check_errata_cve_2017_5715 + cpu_check_csv2 x0, 1f #if WORKAROUND_CVE_2017_5715 mov x0, #ERRATA_APPLIES #else mov x0, #ERRATA_MISSING #endif ret +1: + mov x0, #ERRATA_NOT_APPLIES + ret endfunc check_errata_cve_2017_5715 /* ------------------------------------------------- @@ -121,8 +125,10 @@ func cortex_a72_reset_func #endif #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 + cpu_check_csv2 x0, 1f adr x0, workaround_mmu_runtime_exceptions msr vbar_el3, x0 +1: #endif /* --------------------------------------------- diff --git a/lib/cpus/aarch64/cortex_a73.S b/lib/cpus/aarch64/cortex_a73.S index 11680a09..63d16f9d 100644 --- a/lib/cpus/aarch64/cortex_a73.S +++ b/lib/cpus/aarch64/cortex_a73.S @@ -37,8 +37,10 @@ endfunc cortex_a73_disable_smp func cortex_a73_reset_func #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 + cpu_check_csv2 x0, 1f adr x0, workaround_bpiall_vbar0_runtime_exceptions msr vbar_el3, x0 +1: #endif /* --------------------------------------------- @@ -115,12 +117,16 @@ func cortex_a73_cluster_pwr_dwn endfunc cortex_a73_cluster_pwr_dwn func check_errata_cve_2017_5715 + cpu_check_csv2 x0, 1f #if WORKAROUND_CVE_2017_5715 mov x0, #ERRATA_APPLIES #else mov x0, #ERRATA_MISSING #endif ret +1: + mov x0, #ERRATA_NOT_APPLIES + ret endfunc check_errata_cve_2017_5715 #if REPORT_ERRATA diff --git a/lib/cpus/aarch64/cortex_a75.S b/lib/cpus/aarch64/cortex_a75.S index 12ea304d..d1027951 100644 --- a/lib/cpus/aarch64/cortex_a75.S +++ b/lib/cpus/aarch64/cortex_a75.S @@ -12,15 +12,7 @@ func cortex_a75_reset_func #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 - mrs x0, id_aa64pfr0_el1 - ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH - /* - * If the field equals to 1 then branch targets trained in one - * context cannot affect speculative execution in a different context. - */ - cmp x0, #1 - beq 1f - + cpu_check_csv2 x0, 1f adr x0, workaround_bpiall_vbar0_runtime_exceptions msr vbar_el3, x0 1: @@ -53,15 +45,7 @@ func cortex_a75_reset_func endfunc cortex_a75_reset_func func check_errata_cve_2017_5715 - mrs x0, id_aa64pfr0_el1 - ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH - /* - * If the field equals to 1 then branch targets trained in one - * context cannot affect speculative execution in a different context. - */ - cmp x0, #1 - beq 1f - + cpu_check_csv2 x0, 1f #if WORKAROUND_CVE_2017_5715 mov x0, #ERRATA_APPLIES #else -- cgit v1.2.3