]> git.baikalelectronics.ru Git - arm-tf.git/commit
projects / arm-tf.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d6b7980) | patch
SDEI: Ensure SDEI handler executes with CVE-2018-3639 mitigation enabled
authorDimitris Papastamos <dimitris.papastamos@arm.com>
Thu, 7 Jun 2018 10:29:15 +0000 (11:29 +0100)
committerDimitris Papastamos <dimitris.papastamos@arm.com>
Fri, 8 Jun 2018 10:46:31 +0000 (11:46 +0100)
commit6f03bc7753a22485ad2b531a11e96756147facbe
treee411a969ab2cfcabc579b434419a30cf5ada66c0tree | snapshot
parentd6b798097e23bc98814ced8406f4dc63df4078c5commit | diff
SDEI: Ensure SDEI handler executes with CVE-2018-3639 mitigation enabled

When dynamic mitigation is used, the SDEI handler is required to
execute with the mitigation enabled by default, regardless of the
mitigation state for lower ELs.  This means that if the kernel or
hypervisor explicitly disables the mitigation and then later when the
event is dispatched, the dispatcher will remember the mitigation state
for the lower ELs but force the mitigation to be on during the SDEI
handler execution.  When the SDEI handler returns, it will restore the
mitigation state.

This behaviour is described in "Firmware interfaces for mitigating
cache speculation vulnerabilities System Software on Arm Systems"[0].

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification

Change-Id: I8dd60b736be0aa9e832b0f92d67a401fdeb417f4
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
include/lib/el3_runtime/aarch64/context.h diff | blob | history
services/std_svc/sdei/sdei_intr_mgmt.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.