From 878464f02a043207f29282f05109012152df569b Mon Sep 17 00:00:00 2001
From: Sona Mathew <sonarebecca.mathew@arm.com>
Date: Tue, 21 May 2024 14:08:56 -0500
Subject: [PATCH] fix(cpus): workaround for CVE-2024-5660 for Neoverse-V2

Implements mitigation for CVE-2024-5660 that affects Neoverse-V2
revisions r0p0, r0p1, r0p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.

Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660

Change-Id: If66687add52d16f68ce54fe5433dd3b3f067ee04
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
---
 lib/cpus/aarch64/neoverse_v2.S | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/cpus/aarch64/neoverse_v2.S b/lib/cpus/aarch64/neoverse_v2.S
index ca66f8dd6..f56a5e86d 100644
--- a/lib/cpus/aarch64/neoverse_v2.S
+++ b/lib/cpus/aarch64/neoverse_v2.S
@@ -22,6 +22,13 @@
 #error "Neoverse V2 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
 #endif
 
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start neoverse_v2, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+	sysreg_bit_set NEOVERSE_V2_CPUECTLR_EL1, BIT(46)
+workaround_reset_end neoverse_v2, CVE(2024, 5660)
+
+check_erratum_ls neoverse_v2, CVE(2024, 5660), CPU_REV(0, 2)
+
 workaround_reset_start neoverse_v2, ERRATUM(2331132), ERRATA_V2_2331132
 	sysreg_bitfield_insert NEOVERSE_V2_CPUECTLR2_EL1, NEOVERSE_V2_CPUECTLR2_EL1_PF_MODE_CNSRV, \
 		NEOVERSE_V2_CPUECTLR2_EL1_PF_MODE_LSB, NEOVERSE_V2_CPUECTLR2_EL1_PF_MODE_WIDTH