Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-15 00:54:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(cpus): workaround for CVE-2024-5660 for Cortex-X4

Browse source 
Implements mitigation for CVE-2024-5660 that affects Cortex-X4
revisions r0p0, r0p1, r0p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.

Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660

Change-Id: I378cb4978919cced03e7febc2ad431c572eac72d
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
This commit is contained in:
Sona Mathew 2024-05-20 13:48:19 -05:00
parent 0863511b68
commit af65cbb954
3 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
docs/design/cpu-specific-build-macros.rst
View file

@ -33,6 +33,11 @@ vulnerability workarounds should be applied at runtime.
This build option should be set to 1 if the target platform contains at
least 1 CPU that requires this mitigation. Defaults to 1.
- ``WORKAROUND_CVE_2024_5660``: Enables mitigation for `CVE-2024-5660`.
The fix is to disable hardware page aggregation by setting CPUECTLR_EL1[46]
in EL3 FW. This build option should be set to 1 if the target platform contains
at least 1 CPU that requires this mitigation. Defaults to 1.
.. _arm_cpu_macros_errata_workarounds:
CPU Errata Workarounds

7
lib/cpus/aarch64/cortex_x4.S
View file

@ -46,6 +46,13 @@ check_erratum_custom_start cortex_x4, ERRATUM(2726228)
ret
check_erratum_custom_end cortex_x4, ERRATUM(2726228)
/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
workaround_reset_start cortex_x4, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
sysreg_bit_set CORTEX_X4_CPUECTLR_EL1, BIT(46)
workaround_reset_end cortex_x4, CVE(2024, 5660)
check_erratum_ls cortex_x4, CVE(2024, 5660), CPU_REV(0, 2)
workaround_runtime_start cortex_x4, ERRATUM(2740089), ERRATA_X4_2740089
/* dsb before isb of power down sequence */
dsb sy

6
lib/cpus/cpu-ops.mk
View file

@ -33,6 +33,12 @@ CPU_FLAG_LIST += DYNAMIC_WORKAROUND_CVE_2018_3639
WORKAROUND_CVE_2022_23960 ?=1
CPU_FLAG_LIST += WORKAROUND_CVE_2022_23960
# Flag to disable Hardware page aggregation(HPA).
# This flag is enabled by default.
WORKAROUND_CVE_2024_5660 ?=1
CPU_FLAG_LIST += WORKAROUND_CVE_2024_5660
# Flags to indicate internal or external Last level cache
# By default internal
CPU_FLAG_LIST += NEOVERSE_Nx_EXTERNAL_LLC