From 9427c061eb8dee00c32d72c20d6bc231002a575c Mon Sep 17 00:00:00 2001
From: Arvind Ram Prakash
Date: Fri, 7 Feb 2025 16:28:32 +0100
Subject: [PATCH] fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
This patch implements SMCCC_ARCH_WORKAROUND_4 and allows discovery through SMCCC_ARCH_FEATURES. This mechanism is enabled if CVE_2024_7881 [1] is enabled by the platform. If CVE_2024_7881 mitigation is implemented, the discovery call returns 0, if not -1 (SMC_ARCH_CALL_NOT_SUPPORTED). For more information about SMCCC_ARCH_WORKAROUND_4 [2], please refer to the SMCCC Specification reference provided below.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
[2]: https://developer.arm.com/documentation/den0028/latest
Signed-off-by: Arvind Ram Prakash
Change-Id: I1b1ffaa1f806f07472fd79d5525f81764d99bc79
(cherry picked from commit 8ae6b1ad6c9c57b09b6d4e7ae3cbdf3aed6455b1)
---
 include/lib/cpus/errata.h | 4 ++-
 include/services/arm_arch_svc.h | 3 +-
 lib/cpus/aarch64/cortex_x3.S | 6 +++-
 lib/cpus/aarch64/cortex_x4.S | 6 +++-
 lib/cpus/aarch64/cortex_x925.S | 6 +++-
 lib/cpus/aarch64/cpu_helpers.S | 37 ++++++++++++++++++++++
 lib/cpus/aarch64/neoverse_v2.S | 6 +++-
 lib/cpus/aarch64/neoverse_v3.S | 6 +++-
 services/arm_arch_svc/arm_arch_svc_setup.c | 20 +++++++++++-
 9 files changed, 86 insertions(+), 8 deletions(-)
diff --git a/include/lib/cpus/errata.h b/include/lib/cpus/errata.h
index 2c31515ef..a2f2fc641 100644
--- a/include/lib/cpus/errata.h
+++ b/include/lib/cpus/errata.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2025, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -48,6 +48,8 @@ static inline bool errata_a75_764081_applies(void)
 unsigned int check_if_affected_core(void);
 #endif
 
+int check_wa_cve_2024_7881(void);
+
 /*
 * NOTE that this structure will be different on AArch32 and AArch64. The
 * uintptr_t will reflect the change and the alignment will be correct in both.
diff --git a/include/services/arm_arch_svc.h b/include/services/arm_arch_svc.h
index 645b388fe..85b6b830b 100644
--- a/include/services/arm_arch_svc.h
+++ b/include/services/arm_arch_svc.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2025, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -13,6 +13,7 @@
 #define SMCCC_ARCH_WORKAROUND_1 U(0x80008000)
 #define SMCCC_ARCH_WORKAROUND_2 U(0x80007FFF)
 #define SMCCC_ARCH_WORKAROUND_3 U(0x80003FFF)
+#define SMCCC_ARCH_WORKAROUND_4 U(0x80000004)
 
 #define SMCCC_GET_SOC_VERSION U(0)
 #define SMCCC_GET_SOC_REVISION U(1)
diff --git a/lib/cpus/aarch64/cortex_x3.S b/lib/cpus/aarch64/cortex_x3.S
index cbdfe3b34..4a0212e20 100644
--- a/lib/cpus/aarch64/cortex_x3.S
+++ b/lib/cpus/aarch64/cortex_x3.S
@@ -162,6 +162,10 @@ func cortex_x3_cpu_reg_dump
 ret
 endfunc cortex_x3_cpu_reg_dump
 
-declare_cpu_ops cortex_x3, CORTEX_X3_MIDR, \
+declare_cpu_ops_wa_4 cortex_x3, CORTEX_X3_MIDR, \
 cortex_x3_reset_func, \
+ CPU_NO_EXTRA1_FUNC, \
+ CPU_NO_EXTRA2_FUNC, \
+ CPU_NO_EXTRA3_FUNC, \
+ check_erratum_cortex_x3_7881, \
 cortex_x3_core_pwr_dwn
diff --git a/lib/cpus/aarch64/cortex_x4.S b/lib/cpus/aarch64/cortex_x4.S
index e733f41de..57658286e 100644
--- a/lib/cpus/aarch64/cortex_x4.S
+++ b/lib/cpus/aarch64/cortex_x4.S
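Review bot: In include/lib/cpus/errata.h the new prototype `int check_wa_cve_2024_7881(void);` carries no comment, so its calling contract is visible only in the assembly. The implementation added in lib/cpus/aarch64/cpu_helpers.S states that it must run after cpu_ops are initialised in per-CPU data and that it returns ERRATA_APPLIES, ERRATA_NOT_APPLIES or ERRATA_MISSING. Repeating that above the declaration, e.g. `/* Call only after cpu_ops are set in per-CPU data; returns ERRATA_APPLIES, ERRATA_NOT_APPLIES or ERRATA_MISSING */`, would keep C callers from using it too early. The declaration sits after an `#endif` whose opening condition is outside the hunk, so it should be checked whether AArch32 builds, which get no definition from this patch, also see it.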
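Review bot: In lib/cpus/aarch64/cortex_x3.S the declaration now depends on `declare_cpu_ops_wa_4` and `check_erratum_cortex_x3_7881`, and none of the nine files in this patch defines either. The same holds for the cortex_x4, cortex_x925, neoverse_v2 and neoverse_v3 hunks, and for `CPU_EXTRA4_FUNC` and `CPU_NO_EXTRA4_FUNC` used in cpu_helpers.S. Since this is a cherry-pick, the commit that adds the macro, the cpu_ops slot and the per-CPU CVE-2024-7881 checkers must already be on the target branch, and the description would be clearer if it named that prerequisite. A short comment above the declaration, e.g. `/* extra4 slot: CVE-2024-7881 check used by SMCCC_ARCH_WORKAROUND_4 discovery */`, would also document why three empty slots are passed.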
@@ -160,6 +160,10 @@ func cortex_x4_cpu_reg_dump
 ret
 endfunc cortex_x4_cpu_reg_dump
 
-declare_cpu_ops cortex_x4, CORTEX_X4_MIDR, \
+declare_cpu_ops_wa_4 cortex_x4, CORTEX_X4_MIDR, \
 cortex_x4_reset_func, \
+ CPU_NO_EXTRA1_FUNC, \
+ CPU_NO_EXTRA2_FUNC, \
+ CPU_NO_EXTRA3_FUNC, \
+ check_erratum_cortex_x4_7881, \
 cortex_x4_core_pwr_dwn
diff --git a/lib/cpus/aarch64/cortex_x925.S b/lib/cpus/aarch64/cortex_x925.S
index c76c821d1..5b6632aef 100644
--- a/lib/cpus/aarch64/cortex_x925.S
+++ b/lib/cpus/aarch64/cortex_x925.S
@@ -77,6 +77,10 @@ func cortex_x925_cpu_reg_dump
 ret
 endfunc cortex_x925_cpu_reg_dump
 
-declare_cpu_ops cortex_x925, CORTEX_X925_MIDR, \
+declare_cpu_ops_wa_4 cortex_x925, CORTEX_X925_MIDR, \
 cortex_x925_reset_func, \
+ CPU_NO_EXTRA1_FUNC, \
+ CPU_NO_EXTRA2_FUNC, \
+ CPU_NO_EXTRA3_FUNC, \
+ check_erratum_cortex_x925_7881, \
 cortex_x925_core_pwr_dwn
diff --git a/lib/cpus/aarch64/cpu_helpers.S b/lib/cpus/aarch64/cpu_helpers.S
index 3aa4f1552..0f9a3b8cb 100644
--- a/lib/cpus/aarch64/cpu_helpers.S
+++ b/lib/cpus/aarch64/cpu_helpers.S
@@ -326,6 +326,43 @@ func check_wa_cve_2017_5715
 ret
 endfunc check_wa_cve_2017_5715
 
+/*
+ * int check_wa_cve_2024_7881(void);
+ *
+ * This function returns:
+ * - ERRATA_APPLIES when firmware mitigation is required.
+ * - ERRATA_NOT_APPLIES when firmware mitigation is _not_ required.
+ * - ERRATA_MISSING when firmware mitigation would be required but
+ * is not compiled in.
+ *
+ * NOTE: Must be called only after cpu_ops have been initialized
+ * in per-CPU data.
+ */
+.globl check_wa_cve_2024_7881
+func check_wa_cve_2024_7881
+ mrs x0, tpidr_el3
+#if ENABLE_ASSERTIONS
+ cmp x0, #0
+ ASM_ASSERT(ne)
+#endif
+ ldr x0, [x0, #CPU_DATA_CPU_OPS_PTR]
+#if ENABLE_ASSERTIONS
+ cmp x0, #0
+ ASM_ASSERT(ne)
+#endif
+ ldr x0, [x0, #CPU_EXTRA4_FUNC]
+ /*
+ * If the reserved function pointer is NULL, this CPU
+ * is unaffected by CVE-2024-7881 so bail out.
+ */
+ cmp x0, #CPU_NO_EXTRA4_FUNC
+ beq 1f
+ br x0
+1:
+ mov x0, #ERRATA_NOT_APPLIES
+ ret
+endfunc check_wa_cve_2024_7881
+
 /*
 * void *wa_cve_2018_3639_get_disable_ptr(void);
 *
diff --git a/lib/cpus/aarch64/neoverse_v2.S b/lib/cpus/aarch64/neoverse_v2.S
index 56b512455..b43f6dd19 100644
--- a/lib/cpus/aarch64/neoverse_v2.S
+++ b/lib/cpus/aarch64/neoverse_v2.S
@@ -153,6 +153,10 @@ func neoverse_v2_cpu_reg_dump
 ret
 endfunc neoverse_v2_cpu_reg_dump
 
-declare_cpu_ops neoverse_v2, NEOVERSE_V2_MIDR, \
+declare_cpu_ops_wa_4 neoverse_v2, NEOVERSE_V2_MIDR, \
 neoverse_v2_reset_func, \
+ CPU_NO_EXTRA1_FUNC, \
+ CPU_NO_EXTRA2_FUNC, \
+ CPU_NO_EXTRA3_FUNC, \
+ check_erratum_neoverse_v2_7881, \
 neoverse_v2_core_pwr_dwn
diff --git a/lib/cpus/aarch64/neoverse_v3.S b/lib/cpus/aarch64/neoverse_v3.S
index 1f3db2bc6..69b66278d 100644
--- a/lib/cpus/aarch64/neoverse_v3.S
+++ b/lib/cpus/aarch64/neoverse_v3.S
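Review bot: In check_wa_cve_2024_7881 (lib/cpus/aarch64/cpu_helpers.S) the tail call `br x0` enters the per-CPU checker with x0 still holding the checker's own address, so the result is only meaningful if that checker takes no argument. The `check_erratum_*_7881` functions are not part of this patch; if any of them compares a revision-variant passed in x0, it would be testing a pointer value and could report the wrong state to SMCCC_ARCH_FEATURES. Please confirm they ignore x0 and record it at the call site, e.g. `/* tail call: checker takes no arguments and returns ERRATA_* in x0 */`. Both NULL checks exist only under ENABLE_ASSERTIONS, so a release build relies entirely on the ordering precondition stated in the header comment.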
@@ -101,6 +101,10 @@ declare_cpu_ops neoverse_v3, NEOVERSE_V3_VNAE_MIDR, \
 neoverse_v3_reset_func, \
 neoverse_v3_core_pwr_dwn
 
-declare_cpu_ops neoverse_v3, NEOVERSE_V3_MIDR, \
+declare_cpu_ops_wa_4 neoverse_v3, NEOVERSE_V3_MIDR, \
 neoverse_v3_reset_func, \
+ CPU_NO_EXTRA1_FUNC, \
+ CPU_NO_EXTRA2_FUNC, \
+ CPU_NO_EXTRA3_FUNC, \
+ check_erratum_neoverse_v3_7881, \
 neoverse_v3_core_pwr_dwn
diff --git a/services/arm_arch_svc/arm_arch_svc_setup.c b/services/arm_arch_svc/arm_arch_svc_setup.c
index 545616469..740f7e2da 100644
--- a/services/arm_arch_svc/arm_arch_svc_setup.c
+++ b/services/arm_arch_svc/arm_arch_svc_setup.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2025, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -90,6 +90,15 @@ static int32_t smccc_arch_features(u_register_t arg1)
 }
 return 0; /* ERRATA_APPLIES || ERRATA_MISSING */
 #endif
+
+#if WORKAROUND_CVE_2024_7881
+ case SMCCC_ARCH_WORKAROUND_4:
+ if (check_wa_cve_2024_7881() != ERRATA_APPLIES) {
+ return SMC_ARCH_CALL_NOT_SUPPORTED;
+ }
+ return 0;
+#endif /* WORKAROUND_CVE_2024_7881 */
+
 #endif /* __aarch64__ */
 
 /* Fallthrough */
@@ -160,6 +169,15 @@ static uintptr_t arm_arch_svc_smc_handler(uint32_t smc_fid,
 */
 SMC_RET0(handle);
 #endif
+#if WORKAROUND_CVE_2024_7881
+ case SMCCC_ARCH_WORKAROUND_4:
+ /*
+ * The workaround has already been applied on affected PEs
+ * during cold boot. This function has no effect whether PE is
+ * affected or not.
+ */
+ SMC_RET0(handle);
+#endif /* WORKAROUND_CVE_2024_7881 */
 #endif /* __aarch64__ */
 default:
 WARN("Unimplemented Arm Architecture Service Call: 0x%x \n",
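Review bot: In lib/cpus/aarch64/neoverse_v3.S only the `NEOVERSE_V3_MIDR` entry is switched to `declare_cpu_ops_wa_4`. The `NEOVERSE_V3_VNAE_MIDR` entry, visible in the hunk header and starting above the hunk, keeps plain `declare_cpu_ops` although both entries share `neoverse_v3_reset_func`. If that macro leaves the extra4 slot empty (its definition is not in this patch), check_wa_cve_2024_7881 returns ERRATA_NOT_APPLIES on the VNAE part and SMCCC_ARCH_WORKAROUND_4 discovery reports SMC_ARCH_CALL_NOT_SUPPORTED there. The patch does not say whether that part is affected, so this should be checked against the advisory linked in the commit message. If it is affected, the first declaration needs `check_erratum_neoverse_v3_7881` in the extra4 slot as well.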
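Review bot: In smccc_arch_features (services/arm_arch_svc/arm_arch_svc_setup.c) the new `SMCCC_ARCH_WORKAROUND_4` case maps both ERRATA_NOT_APPLIES and ERRATA_MISSING to SMC_ARCH_CALL_NOT_SUPPORTED, while the case just above returns 0 for `ERRATA_APPLIES || ERRATA_MISSING`, and the code does not explain the difference. This matches the commit message (0 only when the mitigation is implemented), but a caller cannot tell an unaffected PE from an affected one whose firmware lacks the mitigation. The answer also describes the calling PE only, because the check reads that PE's cpu_ops. I would add a comment above the `if`, e.g. `/* 0 only if this PE is affected and the mitigation is built in; unaffected and ERRATA_MISSING both report NOT_SUPPORTED */`. The function body starts and ends outside the hunk.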