File 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch of Package arm-trusted-firmware
From 6d23d523a55f10394e96802ab9d7c981d3b4bc9f Mon Sep 17 00:00:00 2001
From: Bipin Ravi <bipin.ravi@arm.com>
Date: Tue, 15 Feb 2022 23:24:51 -0600
Subject: [PATCH 5/6] fix(security): workaround for CVE-2022-23960 for Cortex-A57, Cortex-A72

Implements mitigation for Cortex-A72 CPU versions that support the CSV2 feature(from r1p0). It also applies the mitigation for Cortex-A57 CPU.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I7cfcf06537710f144f6e849992612033ddd79d33
---
 include/lib/cpus/aarch64/cortex_a72.h | 5 +++-
 lib/cpus/aarch64/cortex_a57.S | 17 ++++++++++++-
 lib/cpus/aarch64/cortex_a72.S | 36 ++++++++++++++++++++++++---
 3 files changed, 53 insertions(+), 5 deletions(-)

diff --git a/include/lib/cpus/aarch64/cortex_a72.h b/include/lib/cpus/aarch64/cortex_a72.h
index 28b440e19..17776458b 100644
--- a/include/lib/cpus/aarch64/cortex_a72.h
+++ b/include/lib/cpus/aarch64/cortex_a72.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -12,6 +12,9 @@
 /* Cortex-A72 midr for revision 0 */
 #define CORTEX_A72_MIDR U(0x410FD080)
 
+/* Cortex-A72 loop count for CVE-2022-23960 mitigation */
+#define CORTEX_A72_BHB_LOOP_COUNT U(8)
+
 /*******************************************************************************
 * CPU Extended Control register specific definitions.
 ******************************************************************************/
diff --git a/lib/cpus/aarch64/cortex_a57.S b/lib/cpus/aarch64/cortex_a57.S
index 8ef0f922a..4120f119e 100644
--- a/lib/cpus/aarch64/cortex_a57.S
+++ b/lib/cpus/aarch64/cortex_a57.S
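Review bot: `CORTEX_A72_BHB_LOOP_COUNT` in the second cortex_a72.h hunk is a security-relevant tuning value whose origin is not stated. The comment says what the constant is for but not where 8 comes from or what it has to cover, so a later reader cannot tell whether changing it weakens the mitigation. I would extend the comment along the lines of `/* Loop count used by the CVE-2022-23960 vector-entry mitigation; per-core value taken from Arm's guidance for Cortex-A72, do not change without re-checking it */`. The source document is not visible in this patch, so the comment should name it when it is added.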
@@ -470,7 +470,12 @@ func cortex_a57_reset_func
 bl errata_a57_859972_wa
 #endif
 
-#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
+#if IMAGE_BL31 && ( WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960 )
+ /* ---------------------------------------------------------------
+ * Override vector table & enable existing workaround if either of
+ * the build flags are enabled
+ * ---------------------------------------------------------------
+ */
 adr x0, wa_cve_2017_5715_mmu_vbar
 msr vbar_el3, x0
 /* isb will be performed before returning from this function */
@@ -506,6 +511,15 @@ func cortex_a57_reset_func
 ret x19
 endfunc cortex_a57_reset_func
 
+func check_errata_cve_2022_23960
+#if WORKAROUND_CVE_2022_23960
+ mov x0, #ERRATA_APPLIES
+#else
+ mov x0, #ERRATA_MISSING
+#endif
+ ret
+endfunc check_errata_cve_2022_23960
+
 /* ----------------------------------------------------
 * The CPU Ops core power down function for Cortex-A57.
 * ----------------------------------------------------
@@ -630,6 +644,7 @@ func cortex_a57_errata_report
 report_errata ERRATA_A57_1319537, cortex_a57, 1319537
 report_errata WORKAROUND_CVE_2017_5715, cortex_a57, cve_2017_5715
 report_errata WORKAROUND_CVE_2018_3639, cortex_a57, cve_2018_3639
+ report_errata WORKAROUND_CVE_2022_23960, cortex_a57, cve_2022_23960
 
 ldp x8, x30, [sp], #16
 ret
diff --git a/lib/cpus/aarch64/cortex_a72.S b/lib/cpus/aarch64/cortex_a72.S
index aff6072a0..3dc44805e 100644
--- a/lib/cpus/aarch64/cortex_a72.S
+++ b/lib/cpus/aarch64/cortex_a72.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
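Review bot: In the cortex_a57_reset_func hunk the widened guard `#if IMAGE_BL31 && ( WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960 )` now references `wa_cve_2017_5715_mmu_vbar` in builds where only WORKAROUND_CVE_2022_23960 is set. The diffstat lists three files and no build-system change, so it should be confirmed that the file defining that vector table is still compiled when WORKAROUND_CVE_2017_5715=0. If it is not, such a build would presumably fail at link time rather than ship unmitigated, but the new flag could not be enabled on its own. The non-CSV2 path of the cortex_a72_reset_func hunk has the same dependency, and both function bodies continue outside their hunks.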
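Review bot: `check_errata_cve_2022_23960`, added after cortex_a57_reset_func, has no header comment, and its result depends only on the build flag, not on the running core. A short comment would make that explicit, e.g. `/* Build-time check: x0 = ERRATA_APPLIES when WORKAROUND_CVE_2022_23960 is set, else ERRATA_MISSING */`. The vector override in the reset function is additionally gated on IMAGE_BL31, so the check can return ERRATA_APPLIES in an image where no vectors were installed; whether that matters depends on which images call the errata report, which is not visible here. The identical function added to cortex_a72.S would take the same comment.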
@@ -9,6 +9,11 @@
 #include <cortex_a72.h>
 #include <cpu_macros.S>
 #include <plat_macros.S>
+#include "wa_cve_2022_23960_bhb_vector.S"
+
+#if WORKAROUND_CVE_2022_23960
+ wa_cve_2022_23960_bhb_vector_table CORTEX_A72_BHB_LOOP_COUNT, cortex_a72
+#endif /* WORKAROUND_CVE_2022_23960 */
 
 /* ---------------------------------------------
 * Disable L1 data cache and unified L2 cache
@@ -133,6 +138,15 @@ func check_errata_1319367
 ret
 endfunc check_errata_1319367
 
+func check_errata_cve_2022_23960
+#if WORKAROUND_CVE_2022_23960
+ mov x0, #ERRATA_APPLIES
+#else
+ mov x0, #ERRATA_MISSING
+#endif
+ ret
+endfunc check_errata_cve_2022_23960
+
 /* -------------------------------------------------
 * The CPU Ops reset function for Cortex-A72.
 * -------------------------------------------------
@@ -147,13 +161,28 @@ func cortex_a72_reset_func
 bl errata_a72_859971_wa
 #endif
 
-#if IMAGE_BL31 && WORKAROUND_CVE_2017_5715
+#if IMAGE_BL31 && (WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960)
 cpu_check_csv2 x0, 1f
 adr x0, wa_cve_2017_5715_mmu_vbar
 msr vbar_el3, x0
 /* isb will be performed before returning from this function */
+
+ /* Skip CVE_2022_23960 mitigation if cve_2017_5715 mitigation applied */
+ b 2f
 1:
-#endif
+#if WORKAROUND_CVE_2022_23960
+ /*
+ * The Cortex-A72 generic vectors are overridden to apply the
+ * mitigation on exception entry from lower ELs for revisions >= r1p0
+ * which has CSV2 implemented.
+ */
+ adr x0, wa_cve_vbar_cortex_a72
+ msr vbar_el3, x0
+
+ /* isb will be performed before returning from this function */
+#endif /* WORKAROUND_CVE_2022_23960 */
+2:
+#endif /* IMAGE_BL31 && (WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960) */
 
 #if WORKAROUND_CVE_2018_3639
 mrs x0, CORTEX_A72_CPUACTLR_EL1
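Review bot: In the cortex_a72_reset_func hunk, `b 2f` and its comment sit outside `#if WORKAROUND_CVE_2022_23960`, so a build with only WORKAROUND_CVE_2017_5715 set emits a branch over nothing, since `1:` and `2:` then label the same address. That is harmless, but the comment "Skip CVE_2022_23960 mitigation if cve_2017_5715 mitigation applied" also leaves unstated why skipping is safe on cores without CSV2. I would reword it to `/* No CSV2: the CVE-2017-5715 vectors installed above are relied on for CVE-2022-23960 too, so skip the BHB vectors */`, assuming that is the intent. The function starts before and continues after the hunk.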
@@ -299,6 +328,7 @@ func cortex_a72_errata_report
 report_errata ERRATA_A72_1319367, cortex_a72, 1319367
 report_errata WORKAROUND_CVE_2017_5715, cortex_a72, cve_2017_5715
 report_errata WORKAROUND_CVE_2018_3639, cortex_a72, cve_2018_3639
+ report_errata WORKAROUND_CVE_2022_23960, cortex_a72, cve_2022_23960
 
 ldp x8, x30, [sp], #16
 ret
-- 
2.26.2