Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-16 09:34:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(security): add CVE-2024-7881 mitigation to Neoverse-V3

Browse source 
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1
for Neoverse-V3 CPU.

[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ib5c644895b8c76d3c7e8b5e6e98d7b9afef7f1ec
This commit is contained in:
Arvind Ram Prakash 2024-09-06 12:26:35 -05:00
parent 56bb1d172c
commit 037a15f5c7
2 changed files with 19 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
include/lib/cpus/aarch64/neoverse_v3.h
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2022-2024, Arm Limited. All rights reserved. * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
@ -22,7 +22,12 @@
/******************************************************************************* /*******************************************************************************
* CPU Power Control register specific definitions * CPU Power Control register specific definitions
******************************************************************************/ ******************************************************************************/
#define NEOVERSE_V3_CPUPWRCTLR_EL1 S3_0_C15_C2_7 #define NEOVERSE_V3_CPUPWRCTLR_EL1 S3_0_C15_C2_7
#define NEOVERSE_V3_CPUPWRCTLR_EL1_CORE_PWRDN_BIT U(1) #define NEOVERSE_V3_CPUPWRCTLR_EL1_CORE_PWRDN_BIT U(1)
/*******************************************************************************
* CPU Auxiliary control register 6 specific definitions
******************************************************************************/
#define NEOVERSE_V3_CPUACTLR6_EL1 S3_0_C15_C8_1
#endif /* NEOVERSE_V3_H */ #endif /* NEOVERSE_V3_H */

13
lib/cpus/aarch64/neoverse_v3.S
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2022-2024, Arm Limited. All rights reserved. * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
@ -46,6 +46,17 @@ workaround_reset_end neoverse_v3, CVE(2022,23960)
check_erratum_chosen neoverse_v3, CVE(2022, 23960), WORKAROUND_CVE_2022_23960 check_erratum_chosen neoverse_v3, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
workaround_reset_start neoverse_v3, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
/* ---------------------------------
* Sets BIT41 of CPUACTLR6_EL1 which
* disables L1 Data cache prefetcher
* ---------------------------------
*/
sysreg_bit_set NEOVERSE_V3_CPUACTLR6_EL1, BIT(41)
workaround_reset_end neoverse_v3, CVE(2024, 7881)
check_erratum_chosen neoverse_v3, CVE(2024, 7881), WORKAROUND_CVE_2024_7881
/* --------------------------------------------- /* ---------------------------------------------
* HW will do the cache maintenance while powering down * HW will do the cache maintenance while powering down
* --------------------------------------------- * ---------------------------------------------