From 26e0ff9d5e99b2ea0eedfd202401655ee404e52f Mon Sep 17 00:00:00 2001
From: Sona Mathew <sonarebecca.mathew@arm.com>
Date: Tue, 21 May 2024 14:20:44 -0500
Subject: [PATCH] fix(cpus): workaround for CVE-2024-5660 for Neoverse-N2

Implements mitigation for CVE-2024-5660 that affects Neoverse-N2
revisions r0p0, r0p1, r0p2, r0p3.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
This patch implements the erratum mitigation for Neoverse-N2.

Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660

Change-Id: I2b9dea78771cc159586a03ff563c0ec79591ea64
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
---
 lib/cpus/aarch64/neoverse_n2.S | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/cpus/aarch64/neoverse_n2.S b/lib/cpus/aarch64/neoverse_n2.S
index d2237f1c1..69aa8abbc 100644
--- a/lib/cpus/aarch64/neoverse_n2.S
+++ b/lib/cpus/aarch64/neoverse_n2.S
@@ -34,6 +34,13 @@
 .equ erratum_neoverse_n2_2313941_wa, errata_dsu_2313941_wa
 add_erratum_entry neoverse_n2, ERRATUM(2313941), ERRATA_DSU_2313941, APPLY_AT_RESET
 
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start neoverse_n2, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+	sysreg_bit_set NEOVERSE_N2_CPUECTLR_EL1, BIT(46)
+workaround_reset_end neoverse_n2, CVE(2024, 5660)
+
+check_erratum_ls neoverse_n2, CVE(2024, 5660), CPU_REV(0, 3)
+
 workaround_reset_start neoverse_n2, ERRATUM(2002655), ERRATA_N2_2002655
 	/* Apply instruction patching sequence */
 	ldr x0,=0x6