SDEI: Ensure SDEI handler executes with CVE-2018-3639 mitigation enabled

author Dimitris Papastamos <dimitris.papastamos@arm.com>

Thu, 7 Jun 2018 10:29:15 +0000 (11:29 +0100)

committer Dimitris Papastamos <dimitris.papastamos@arm.com>

Fri, 8 Jun 2018 10:46:31 +0000 (11:46 +0100)
author Dimitris Papastamos <dimitris.papastamos@arm.com>
Thu, 7 Jun 2018 10:29:15 +0000 (11:29 +0100)
committer Dimitris Papastamos <dimitris.papastamos@arm.com>
Fri, 8 Jun 2018 10:46:31 +0000 (11:46 +0100)
diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h

index a4f3ea1bbe4e1f04acf3d1b49faf3a941b6e5b0b..a2ce9f8284e21e1818560a3b32bb942a0e5f09f9 100644 (file)
--- a/include/lib/el3_runtime/aarch64/context.h
+++ b/include/lib/el3_runtime/aarch64/context.h
@@ -271,6 +271,7 @@ typedef struct cpu_context {
  #endif
  #define get_sysregs_ctx(h)     (&((cpu_context_t *) h)->sysregs_ctx)
  #define get_gpregs_ctx(h)      (&((cpu_context_t *) h)->gpregs_ctx)
+#define get_cve_2018_3639_ctx(h)       (&((cpu_context_t *) h)->cve_2018_3639_ctx)
  
  /*
   * Compile time assertions related to the 'cpu_context' structure to
diff --git a/services/std_svc/sdei/sdei_intr_mgmt.c b/services/std_svc/sdei/sdei_intr_mgmt.c

index 2717ea43bd5a60f4b0ac825de92338d101d4e191..c0bd9de6bf87ff8641f3a7c9eb15c8d45f85501d 100644 (file)
--- a/services/std_svc/sdei/sdei_intr_mgmt.c
+++ b/services/std_svc/sdei/sdei_intr_mgmt.c
@@ -39,6 +39,11 @@ typedef struct sdei_dispatch_context {
         /* Exception state registers */
         uint64_t elr_el3;
         uint64_t spsr_el3;
+
+#if DYNAMIC_WORKAROUND_CVE_2018_3639
+       /* CVE-2018-3639 mitigation state */
+       uint64_t disable_cve_2018_3639;
+#endif
  } sdei_dispatch_context_t;
  
  /* Per-CPU SDEI state data */
@@ -170,6 +175,18 @@ static void save_event_ctx(sdei_ev_map_t *map, void *tgt_ctx, int sec_state,
         memcpy(disp_ctx->x, tgt_gpregs, sizeof(disp_ctx->x));
         disp_ctx->spsr_el3 = read_ctx_reg(tgt_el3, CTX_SPSR_EL3);
         disp_ctx->elr_el3 = read_ctx_reg(tgt_el3, CTX_ELR_EL3);
+
+#if DYNAMIC_WORKAROUND_CVE_2018_3639
+       cve_2018_3639_t *tgt_cve_2018_3639;
+       tgt_cve_2018_3639 = get_cve_2018_3639_ctx(tgt_ctx);
+
+       /* Save CVE-2018-3639 mitigation state */
+       disp_ctx->disable_cve_2018_3639 = read_ctx_reg(tgt_cve_2018_3639,
+               CTX_CVE_2018_3639_DISABLE);
+
+       /* Force SDEI handler to execute with mitigation enabled by default */
+       write_ctx_reg(tgt_cve_2018_3639, CTX_CVE_2018_3639_DISABLE, 0);
+#endif
  }
  
  static void restore_event_ctx(sdei_dispatch_context_t *disp_ctx, void *tgt_ctx)
@@ -188,6 +205,15 @@ static void restore_event_ctx(sdei_dispatch_context_t *disp_ctx, void *tgt_ctx)
         memcpy(tgt_gpregs, disp_ctx->x, sizeof(disp_ctx->x));
         write_ctx_reg(tgt_el3, CTX_SPSR_EL3, disp_ctx->spsr_el3);
         write_ctx_reg(tgt_el3, CTX_ELR_EL3, disp_ctx->elr_el3);
+
+#if DYNAMIC_WORKAROUND_CVE_2018_3639
+       cve_2018_3639_t *tgt_cve_2018_3639;
+       tgt_cve_2018_3639 = get_cve_2018_3639_ctx(tgt_ctx);
+
+       /* Restore CVE-2018-3639 mitigation state */
+       write_ctx_reg(tgt_cve_2018_3639, CTX_CVE_2018_3639_DISABLE,
+               disp_ctx->disable_cve_2018_3639);
+#endif
  }
  
  static void save_secure_context(void)
author	Dimitris Papastamos <dimitris.papastamos@arm.com>
	Thu, 7 Jun 2018 10:29:15 +0000 (11:29 +0100)
committer	Dimitris Papastamos <dimitris.papastamos@arm.com>
	Fri, 8 Jun 2018 10:46:31 +0000 (11:46 +0100)
include/lib/el3_runtime/aarch64/context.h		patch \| blob \| history
services/std_svc/sdei/sdei_intr_mgmt.c		patch \| blob \| history