From: Bipin Ravi
Date: Thu, 13 Oct 2022 22:25:51 +0000 (-0500)
Subject: fix(security): optimisations for CVE-2022-23960
X-Git-Tag: baikal/aarch64/sdk5.9~72^2
X-Git-Url: https://git.baikalelectronics.ru/sdk/?a=commitdiff_plain;h=e74d658181e5e69b6b5e16b40adc1ffef4c1efb9;p=arm-tf.git

fix(security): optimisations for CVE-2022-23960

Optimised the loop workaround for Spectre_BHB mitigation:
1. use of speculation barrier for cores implementing SB instruction.
2. use str/ldr instead of stp/ldp as the loop uses only X2 register.

Signed-off-by: Bipin Ravi
Change-Id: I8ac53ea1e42407ad8004c1d59c05f791011f195d
---

diff --git a/include/arch/aarch64/asm_macros.S b/include/arch/aarch64/asm_macros.S
index 7706cd831..66c39e5f1 100644
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@@ -214,6 +214,19 @@
 ret
 .endm
 
+ /*
+ * Macro for using speculation barrier instruction introduced by
+ * FEAT_SB, if it's enabled.
+ */
+ .macro speculation_barrier
+#if ENABLE_FEAT_SB
+ sb
+#else
+ dsb sy
+ isb
+#endif
+ .endm
+
 /*
 * Macro for mitigating against speculative execution beyond ERET. Uses the
 * speculation barrier instruction introduced by FEAT_SB, if it's enabled.
diff --git a/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S b/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
index e0e41cc47..ceb93f139 100644
--- a/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
+++ b/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
@@ -9,11 +9,11 @@
 #if WORKAROUND_CVE_2022_23960
 /*
 * This macro applies the mitigation for CVE-2022-23960.
- * The macro saves x2-x3 to the CPU context.
+ * The macro saves x2 to the CPU context.
 * SP should point to the CPU context.
 */
 .macro apply_cve_2022_23960_bhb_wa _bhb_loop_count
- stp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+ str x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
 
 /* CVE-BHB-NUM loop count */
 mov x2, \_bhb_loop_count
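Review bot: `speculation_barrier` selects `sb` purely from the build-time `ENABLE_FEAT_SB` flag, and the comment above it states neither the fallback sequence nor what the flag requires of the hardware. The `sb` encoding is only defined on cores that implement FEAT_SB, and nothing visible in this hunk checks for the feature at run time, so an image built with the flag set must only run on such cores. I would extend the comment with `* Falls back to "dsb sy; isb" when ENABLE_FEAT_SB is 0.` and `* ENABLE_FEAT_SB must only be set if every core running this image implements FEAT_SB.`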
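Review bot: The header comment of `apply_cve_2022_23960_bhb_wa` now says only that x2 is saved; it does not say that x2 is restored before the macro ends, that the loop's `subs` overwrites the condition flags, or that `_bhb_loop_count` must be non-zero. The last point matters because the loop tail visible in the next hunk decrements before it tests, so a count of 0 would apparently wrap instead of skipping the loop (the loop head lies between the hunks, so this is inferred). Suggested comment lines: `* x2 is restored from the context on exit; the condition flags are clobbered.` and `* _bhb_loop_count must be a non-zero constant.` The macro body continues past this hunk.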
@@ -24,8 +24,7 @@
 2:
 subs x2, x2, #1
 bne 1b
- dsb sy
- isb
- ldp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+ speculation_barrier
+ ldr x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
 .endm
 #endif /* WORKAROUND_CVE_2022_23960 */
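Review bot: The loop tail now expands `speculation_barrier`, which this commit defines in include/arch/aarch64/asm_macros.S, but the diff adds no include of that file to wa_cve_2022_23960_bhb.S. The top of the file is outside the hunks, so the include may already be there; if it is not, the workaround only assembles when every file that includes this one has already included asm_macros.S. Adding `#include <asm_macros.S>` next to the existing includes would make the dependency explicit and keep the mitigation from depending on include order. The macro starts before this hunk.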