diff options
| author | Bipin Ravi <bipin.ravi@arm.com> | 2022-03-12 01:58:02 -0600 |
|---|---|---|
| committer | Madhukar Pappireddy <madhukar.pappireddy@arm.com> | 2022-03-21 08:57:09 -0500 |
| commit | 5f802c8832f3c5824ca6de17593205ebbf8bf585 (patch) | |
| tree | 14f673d8a15ada384b276c35c62fdc28fe4590bd /lib/cpus/aarch64/cortex_a76ae.S | |
| parent | 815abebcc1658eccef55d8435c17e98eb64e7bda (diff) | |
fix(security): workaround for CVE-2022-23960 for A76AE, A78AE, A78C
Implements the loop workaround for Cortex-A76AE, Cortex-A78AE and
Cortex-A78C.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I5c838f5b9d595ed3c461a7452bd465bd54acc548
Diffstat (limited to 'lib/cpus/aarch64/cortex_a76ae.S')
| -rw-r--r-- | lib/cpus/aarch64/cortex_a76ae.S | 59 |
1 files changed, 53 insertions, 6 deletions
diff --git a/lib/cpus/aarch64/cortex_a76ae.S b/lib/cpus/aarch64/cortex_a76ae.S index 888f98b50..5c19548c8 100644 --- a/lib/cpus/aarch64/cortex_a76ae.S +++ b/lib/cpus/aarch64/cortex_a76ae.S @@ -1,12 +1,15 @@ /* - * Copyright (c) 2019, Arm Limited. All rights reserved. + * Copyright (c) 2019-2022, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ +#include <arch.h> #include <asm_macros.S> +#include <common/bl_common.h> #include <cortex_a76ae.h> #include <cpu_macros.S> +#include "wa_cve_2022_23960_bhb_vector.S" /* Hardware handled coherency */ #if HW_ASSISTED_COHERENCY == 0 @@ -18,14 +21,46 @@ #error "Cortex-A76AE supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0" #endif - /* --------------------------------------------- +#if WORKAROUND_CVE_2022_23960 + wa_cve_2022_23960_bhb_vector_table CORTEX_A76AE_BHB_LOOP_COUNT, cortex_a76ae +#endif /* WORKAROUND_CVE_2022_23960 */ + +func check_errata_cve_2022_23960 +#if WORKAROUND_CVE_2022_23960 + mov x0, #ERRATA_APPLIES +#else + mov x0, #ERRATA_MISSING +#endif /* WORKAROUND_CVE_2022_23960 */ + ret +endfunc check_errata_cve_2022_23960 + + /* -------------------------------------------- + * The CPU Ops reset function for Cortex-A76AE. + * Shall clobber: x0-x19 + * -------------------------------------------- + */ +func cortex_a76ae_reset_func +#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960 + /* + * The Cortex-A76ae generic vectors are overridden to apply errata + * mitigation on exception entry from lower ELs. + */ + adr x0, wa_cve_vbar_cortex_a76ae + msr vbar_el3, x0 + isb +#endif /* IMAGE_BL31 && WORKAROUND_CVE_2022_23960 */ + + ret +endfunc cortex_a76ae_reset_func + + /* ---------------------------------------------------- * HW will do the cache maintenance while powering down - * --------------------------------------------- + * ---------------------------------------------------- */ func cortex_a76ae_core_pwr_dwn - /* --------------------------------------------- + /* --------------------------------------------------- * Enable CPU power down bit in power control register - * --------------------------------------------- + * --------------------------------------------------- */ mrs x0, CORTEX_A76AE_CPUPWRCTLR_EL1 orr x0, x0, #CORTEX_A76AE_CORE_PWRDN_EN_MASK @@ -39,6 +74,18 @@ endfunc cortex_a76ae_core_pwr_dwn * Errata printing function for Cortex-A76AE. Must follow AAPCS. */ func cortex_a76ae_errata_report + stp x8, x30, [sp, #-16]! + + bl cpu_get_rev_var + mov x8, x0 + + /* + * Report all errata. The revision-variant information is passed to + * checking functions of each errata. + */ + report_errata WORKAROUND_CVE_2022_23960, cortex_a76ae, cve_2022_23960 + + ldp x8, x30, [sp], #16 ret endfunc cortex_a76ae_errata_report #endif /* REPORT_ERRATA */ @@ -62,5 +109,5 @@ func cortex_a76ae_cpu_reg_dump ret endfunc cortex_a76ae_cpu_reg_dump -declare_cpu_ops cortex_a76ae, CORTEX_A76AE_MIDR, CPU_NO_RESET_FUNC, \ +declare_cpu_ops cortex_a76ae, CORTEX_A76AE_MIDR, cortex_a76ae_reset_func, \ cortex_a76ae_core_pwr_dwn |