Use PFR0 to identify need for mitigation of CVE-2017-5715

If the CSV2 field reads as 1 then branch targets trained in one
context cannot affect speculative execution in a different context.
In that case skip the workaround on Cortex A72 and A73.

Change-Id: Ide24fb6efc77c548e4296295adc38dca87d042ee
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

diff --git a/include/lib/cpus/aarch64/cpu_macros.S b/include/lib/cpus/aarch64/cpu_macros.S
index ccf530663ccbdadb9d91f8e67f932c2669fc86d4..6c3a5b992f58122dfeaf52ebf151fcbc318b0625 100644 (file)
--- a/include/lib/cpus/aarch64/cpu_macros.S
+++ b/include/lib/cpus/aarch64/cpu_macros.S
@@ -229,3 +229,18 @@ CPU_OPS_SIZE = .
 #endif
 
 #endif /* __CPU_MACROS_S__ */
+
+       /*
+        * This macro is used on some CPUs to detect if they are vulnerable
+        * to CVE-2017-5715.
+        */
+       .macro  cpu_check_csv2 _reg _label
+       mrs     \_reg, id_aa64pfr0_el1
+       ubfx    \_reg, \_reg, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
+       /*
+        * If the field equals to 1 then branch targets trained in one
+        * context cannot affect speculative execution in a different context.
+        */
+       cmp     \_reg, #1
+       beq     \_label
+       .endm

diff --git a/lib/cpus/aarch64/cortex_a72.S b/lib/cpus/aarch64/cortex_a72.S
index 9633aa8f54b55c52d981df5eabbd74129e2f0af7..199820ccd3a09cd1d643e4d6c62402d25503448f 100644 (file)
--- a/lib/cpus/aarch64/cortex_a72.S
+++ b/lib/cpus/aarch64/cortex_a72.S
@@ -98,12 +98,16 @@ func check_errata_859971
 endfunc check_errata_859971
 
 func check_errata_cve_2017_5715
+       cpu_check_csv2  x0, 1f
 #if WORKAROUND_CVE_2017_5715
        mov     x0, #ERRATA_APPLIES
 #else
        mov     x0, #ERRATA_MISSING
 #endif
        ret
+1:
+       mov     x0, #ERRATA_NOT_APPLIES
+       ret
 endfunc check_errata_cve_2017_5715
 
        /* -------------------------------------------------
@@ -121,8 +125,10 @@ func cortex_a72_reset_func
 #endif
 
 #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
+       cpu_check_csv2  x0, 1f
        adr     x0, workaround_mmu_runtime_exceptions
        msr     vbar_el3, x0
+1:
 #endif
 
        /* ---------------------------------------------

diff --git a/lib/cpus/aarch64/cortex_a73.S b/lib/cpus/aarch64/cortex_a73.S
index 11680a09dd09ef016613e23daa43b9c98da2e255..63d16f9db11dbf6d71b03b37669afe59114dfaf8 100644 (file)
--- a/lib/cpus/aarch64/cortex_a73.S
+++ b/lib/cpus/aarch64/cortex_a73.S
@@ -37,8 +37,10 @@ endfunc cortex_a73_disable_smp
 
 func cortex_a73_reset_func
 #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
+       cpu_check_csv2  x0, 1f
        adr     x0, workaround_bpiall_vbar0_runtime_exceptions
        msr     vbar_el3, x0
+1:
 #endif
 
        /* ---------------------------------------------
@@ -115,12 +117,16 @@ func cortex_a73_cluster_pwr_dwn
 endfunc cortex_a73_cluster_pwr_dwn
 
 func check_errata_cve_2017_5715
+       cpu_check_csv2  x0, 1f
 #if WORKAROUND_CVE_2017_5715
        mov     x0, #ERRATA_APPLIES
 #else
        mov     x0, #ERRATA_MISSING
 #endif
        ret
+1:
+       mov     x0, #ERRATA_NOT_APPLIES
+       ret
 endfunc check_errata_cve_2017_5715
 
 #if REPORT_ERRATA

diff --git a/lib/cpus/aarch64/cortex_a75.S b/lib/cpus/aarch64/cortex_a75.S
index 12ea304d00bc95b5f55cd923e2eb7f7b3cabe27f..d10279516786ac0bba74b667c074df45427d4605 100644 (file)
--- a/lib/cpus/aarch64/cortex_a75.S
+++ b/lib/cpus/aarch64/cortex_a75.S
@@ -12,15 +12,7 @@
 
 func cortex_a75_reset_func
 #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
-       mrs     x0, id_aa64pfr0_el1
-       ubfx    x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
-       /*
-        * If the field equals to 1 then branch targets trained in one
-        * context cannot affect speculative execution in a different context.
-        */
-       cmp     x0, #1
-       beq     1f
-
+       cpu_check_csv2  x0, 1f
        adr     x0, workaround_bpiall_vbar0_runtime_exceptions
        msr     vbar_el3, x0
 1:
@@ -53,15 +45,7 @@ func cortex_a75_reset_func
 endfunc cortex_a75_reset_func
 
 func check_errata_cve_2017_5715
-       mrs     x0, id_aa64pfr0_el1
-       ubfx    x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
-       /*
-        * If the field equals to 1 then branch targets trained in one
-        * context cannot affect speculative execution in a different context.
-        */
-       cmp     x0, #1
-       beq     1f
-
+       cpu_check_csv2  x0, 1f
 #if WORKAROUND_CVE_2017_5715
        mov     x0, #ERRATA_APPLIES
 #else