Use PFR0 to identify need for mitigation of CVE-2017-5915

If the CSV2 field reads as 1 then branch targets trained in one
context cannot affect speculative execution in a different context.
In that case skip the workaround on Cortex A75.

Change-Id: I4d5504cba516a67311fb5f0657b08f72909cbd38
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

diff --git a/include/lib/aarch64/arch.h b/include/lib/aarch64/arch.h
index 13a8c797745d29fbebcb1c56e4b8816aee8291ce..7f3e9faadb6a698eb0ea419bf181e89febe3553f 100644 (file)
--- a/include/lib/aarch64/arch.h
+++ b/include/lib/aarch64/arch.h
@@ -117,6 +117,9 @@
 #define ID_AA64PFR0_SVE_SHIFT  U(32)
 #define ID_AA64PFR0_SVE_MASK   U(0xf)
 #define ID_AA64PFR0_SVE_LENGTH U(4)
+#define ID_AA64PFR0_CSV2_SHIFT U(56)
+#define ID_AA64PFR0_CSV2_MASK  U(0xf)
+#define ID_AA64PFR0_CSV2_LENGTH        U(4)
 
 /* ID_AA64DFR0_EL1.PMS definitions (for ARMv8.2+) */
 #define ID_AA64DFR0_PMS_SHIFT  U(32)

diff --git a/lib/cpus/aarch64/cortex_a75.S b/lib/cpus/aarch64/cortex_a75.S
index 1a9d9049129e6d2a26ec5276574aba1a0b6fb3d5..9b54b48f7d54d12504ea285319533929d53c7441 100644 (file)
--- a/lib/cpus/aarch64/cortex_a75.S
+++ b/lib/cpus/aarch64/cortex_a75.S
@@ -13,8 +13,18 @@
 
 func cortex_a75_reset_func
 #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
+       mrs     x0, id_aa64pfr0_el1
+       ubfx    x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH
+       /*
+        * If the field equals to 1 then branch targets trained in one
+        * context cannot affect speculative execution in a different context.
+        */
+       cmp     x0, #1
+       beq     1f
+
        adr     x0, workaround_bpiall_vbar0_runtime_exceptions
        msr     vbar_el3, x0
+1:
 #endif
 
 #if ENABLE_AMU