From 780edd86a0b413c3620c5c42fd123a78b5b1587a Mon Sep 17 00:00:00 2001 From: Dimitris Papastamos Date: Tue, 2 Jan 2018 15:53:01 +0000 Subject: [PATCH] Use PFR0 to identify need for mitigation of CVE-2017-5915 If the CSV2 field reads as 1 then branch targets trained in one context cannot affect speculative execution in a different context. In that case skip the workaround on Cortex A75. Change-Id: I4d5504cba516a67311fb5f0657b08f72909cbd38 Signed-off-by: Dimitris Papastamos --- include/lib/aarch64/arch.h | 3 +++ lib/cpus/aarch64/cortex_a75.S | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/include/lib/aarch64/arch.h b/include/lib/aarch64/arch.h index 13a8c7977..7f3e9faad 100644 --- a/include/lib/aarch64/arch.h +++ b/include/lib/aarch64/arch.h @@ -117,6 +117,9 @@ #define ID_AA64PFR0_SVE_SHIFT U(32) #define ID_AA64PFR0_SVE_MASK U(0xf) #define ID_AA64PFR0_SVE_LENGTH U(4) +#define ID_AA64PFR0_CSV2_SHIFT U(56) +#define ID_AA64PFR0_CSV2_MASK U(0xf) +#define ID_AA64PFR0_CSV2_LENGTH U(4) /* ID_AA64DFR0_EL1.PMS definitions (for ARMv8.2+) */ #define ID_AA64DFR0_PMS_SHIFT U(32) diff --git a/lib/cpus/aarch64/cortex_a75.S b/lib/cpus/aarch64/cortex_a75.S index 1a9d90491..9b54b48f7 100644 --- a/lib/cpus/aarch64/cortex_a75.S +++ b/lib/cpus/aarch64/cortex_a75.S @@ -13,8 +13,18 @@ func cortex_a75_reset_func #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 + mrs x0, id_aa64pfr0_el1 + ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH + /* + * If the field equals to 1 then branch targets trained in one + * context cannot affect speculative execution in a different context. + */ + cmp x0, #1 + beq 1f + adr x0, workaround_bpiall_vbar0_runtime_exceptions msr vbar_el3, x0 +1: #endif #if ENABLE_AMU -- 2.39.5