Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-16 09:34:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(security): workaround for CVE-2022-23960 for Cortex-X1

Browse source 
Implements the loop workaround for Cortex-X1.

Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I5828a26c1ec3cfb718246ea5c3b099dabc0fb3d7
This commit is contained in:
Okash Khawaja 2022-04-21 13:15:56 +01:00 committed by Joanna Farley
parent 7b76c20d8e
commit e81e999b9d
2 changed files with 27 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
include/lib/cpus/aarch64/cortex_x1.h
View file

@ -10,6 +10,9 @@
/* Cortex-X1 MIDR for r1p0 */ /* Cortex-X1 MIDR for r1p0 */
#define CORTEX_X1_MIDR U(0x411fd440) #define CORTEX_X1_MIDR U(0x411fd440)
/* Cortex-X1 loop count for CVE-2022-23960 mitigation */
#define CORTEX_X1_BHB_LOOP_COUNT U(32)
/******************************************************************************* /*******************************************************************************
* CPU Extended Control register specific definitions. * CPU Extended Control register specific definitions.
******************************************************************************/ ******************************************************************************/

24
lib/cpus/aarch64/cortex_x1.S
View file

@ -7,6 +7,7 @@
#include <asm_macros.S> #include <asm_macros.S>
#include <cortex_x1.h> #include <cortex_x1.h>
#include <cpu_macros.S> #include <cpu_macros.S>
#include "wa_cve_2022_23960_bhb_vector.S"
/* Hardware handled coherency */ /* Hardware handled coherency */
#if HW_ASSISTED_COHERENCY == 0 #if HW_ASSISTED_COHERENCY == 0
@ -18,6 +19,10 @@
#error "Cortex-X1 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0" #error "Cortex-X1 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif #endif
#if WORKAROUND_CVE_2022_23960
wa_cve_2022_23960_bhb_vector_table CORTEX_X1_BHB_LOOP_COUNT, cortex_x1
#endif /* WORKAROUND_CVE_2022_23960 */
/* -------------------------------------------------- /* --------------------------------------------------
* Errata Workaround for X1 Erratum 1821534. * Errata Workaround for X1 Erratum 1821534.
* This applies to revision r0p0 and r1p0 of X1. * This applies to revision r0p0 and r1p0 of X1.
@ -101,6 +106,15 @@ func check_errata_1827429
b cpu_rev_var_ls b cpu_rev_var_ls
endfunc check_errata_1827429 endfunc check_errata_1827429
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov x0, #ERRATA_APPLIES
#else
mov x0, #ERRATA_MISSING
#endif
ret
endfunc check_errata_cve_2022_23960
/* ------------------------------------------------- /* -------------------------------------------------
* The CPU Ops reset function for Cortex-X1. * The CPU Ops reset function for Cortex-X1.
* Shall clobber: x0-x19 * Shall clobber: x0-x19
@ -126,6 +140,15 @@ func cortex_x1_reset_func
bl errata_x1_1827429_wa bl errata_x1_1827429_wa
#endif #endif
#if IMAGE_BL31 && WORKAROUND_CVE_2022_23960
/*
* The Cortex-X1 generic vectors are overridden to apply errata
* mitigation on exception entry from lower ELs.
*/
adr x0, wa_cve_vbar_cortex_x1
msr vbar_el3, x0
#endif /* IMAGE_BL31 && WORKAROUND_CVE_2022_23960 */
isb isb
ret x19 ret x19
endfunc cortex_x1_reset_func endfunc cortex_x1_reset_func
@ -163,6 +186,7 @@ func cortex_x1_errata_report
report_errata ERRATA_X1_1821534, cortex_x1, 1821534 report_errata ERRATA_X1_1821534, cortex_x1, 1821534
report_errata ERRATA_X1_1688305, cortex_x1, 1688305 report_errata ERRATA_X1_1688305, cortex_x1, 1688305
report_errata ERRATA_X1_1827429, cortex_x1, 1827429 report_errata ERRATA_X1_1827429, cortex_x1, 1827429
report_errata WORKAROUND_CVE_2022_23960, cortex_x1, cve_2022_23960
ldp x8, x30, [sp], #16 ldp x8, x30, [sp], #16
ret ret