From af65cbb9549765917cf79ab0a819fe58773882ab Mon Sep 17 00:00:00 2001 From: Sona Mathew Date: Mon, 20 May 2024 13:48:19 -0500 Subject: [PATCH] fix(cpus): workaround for CVE-2024-5660 for Cortex-X4 Implements mitigation for CVE-2024-5660 that affects Cortex-X4 revisions r0p0, r0p1, r0p2. The workaround is to disable the hardware page aggregation at EL3 by setting CPUECTLR_EL1[46] = 1'b1. Public Documentation: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660 Change-Id: I378cb4978919cced03e7febc2ad431c572eac72d Signed-off-by: Sona Mathew --- docs/design/cpu-specific-build-macros.rst | 5 +++++ lib/cpus/aarch64/cortex_x4.S | 7 +++++++ lib/cpus/cpu-ops.mk | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst index f1cb73bfc..369ec6ff5 100644 --- a/docs/design/cpu-specific-build-macros.rst +++ b/docs/design/cpu-specific-build-macros.rst @@ -33,6 +33,11 @@ vulnerability workarounds should be applied at runtime. This build option should be set to 1 if the target platform contains at least 1 CPU that requires this mitigation. Defaults to 1. +- ``WORKAROUND_CVE_2024_5660``: Enables mitigation for `CVE-2024-5660`. + The fix is to disable hardware page aggregation by setting CPUECTLR_EL1[46] + in EL3 FW. This build option should be set to 1 if the target platform contains + at least 1 CPU that requires this mitigation. Defaults to 1. + .. _arm_cpu_macros_errata_workarounds: CPU Errata Workarounds diff --git a/lib/cpus/aarch64/cortex_x4.S b/lib/cpus/aarch64/cortex_x4.S index 4ff0ea52c..81704daa8 100644 --- a/lib/cpus/aarch64/cortex_x4.S +++ b/lib/cpus/aarch64/cortex_x4.S @@ -46,6 +46,13 @@ check_erratum_custom_start cortex_x4, ERRATUM(2726228) ret check_erratum_custom_end cortex_x4, ERRATUM(2726228) +/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */ +workaround_reset_start cortex_x4, CVE(2024, 5660), WORKAROUND_CVE_2024_5660 + sysreg_bit_set CORTEX_X4_CPUECTLR_EL1, BIT(46) +workaround_reset_end cortex_x4, CVE(2024, 5660) + +check_erratum_ls cortex_x4, CVE(2024, 5660), CPU_REV(0, 2) + workaround_runtime_start cortex_x4, ERRATUM(2740089), ERRATA_X4_2740089 /* dsb before isb of power down sequence */ dsb sy diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk index 4a04a9dc7..d5324606b 100644 --- a/lib/cpus/cpu-ops.mk +++ b/lib/cpus/cpu-ops.mk @@ -33,6 +33,12 @@ CPU_FLAG_LIST += DYNAMIC_WORKAROUND_CVE_2018_3639 WORKAROUND_CVE_2022_23960 ?=1 CPU_FLAG_LIST += WORKAROUND_CVE_2022_23960 +# Flag to disable Hardware page aggregation(HPA). +# This flag is enabled by default. +WORKAROUND_CVE_2024_5660 ?=1 +CPU_FLAG_LIST += WORKAROUND_CVE_2024_5660 + + # Flags to indicate internal or external Last level cache # By default internal CPU_FLAG_LIST += NEOVERSE_Nx_EXTERNAL_LLC