aarch32: Implement static workaround for CVE-2018-3639

Implement static mitigation for CVE-2018-3639 on
Cortex A57 and A72.

Change-Id: I83409a16238729b84142b19e258c23737cc1ddc3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

diff --git a/include/lib/cpus/aarch32/cortex_a57.h b/include/lib/cpus/aarch32/cortex_a57.h
index 3fac9c7be1a2d0ac669274d1e5dcd4caa9d450e1..18cabe11bbbd0f120b4be7ac7873c03358b90411 100644 (file)
--- a/include/lib/cpus/aarch32/cortex_a57.h
+++ b/include/lib/cpus/aarch32/cortex_a57.h
@@ -44,6 +44,7 @@
 #define CORTEX_A57_CPUACTLR                            p15, 0, c15
 
 #define CORTEX_A57_CPUACTLR_DIS_LOAD_PASS_DMB          (ULL(1) << 59)
+#define CORTEX_A57_CPUACTLR_DIS_LOAD_PASS_STORE                (ULL(1) << 55)
 #define CORTEX_A57_CPUACTLR_GRE_NGRE_AS_NGNRE          (ULL(1) << 54)
 #define CORTEX_A57_CPUACTLR_DIS_OVERREAD               (ULL(1) << 52)
 #define CORTEX_A57_CPUACTLR_NO_ALLOC_WBWA              (ULL(1) << 49)

diff --git a/include/lib/cpus/aarch32/cortex_a72.h b/include/lib/cpus/aarch32/cortex_a72.h
index f7da1f0137f9b9b34e3042b7de33b5bfb88d0276..0331ace7c4a38cd706295fde6873e2ec4e064c9e 100644 (file)
--- a/include/lib/cpus/aarch32/cortex_a72.h
+++ b/include/lib/cpus/aarch32/cortex_a72.h
@@ -32,6 +32,7 @@
 #define CORTEX_A72_CPUACTLR                            p15, 0, c15
 
 #define CORTEX_A72_CPUACTLR_DISABLE_L1_DCACHE_HW_PFTCH (ULL(1) << 56)
+#define CORTEX_A72_CPUACTLR_DIS_LOAD_PASS_STORE                (ULL(1) << 55)
 #define CORTEX_A72_CPUACTLR_NO_ALLOC_WBWA              (ULL(1) << 49)
 #define CORTEX_A72_CPUACTLR_DCC_AS_DCCI                        (ULL(1) << 44)
 #define CORTEX_A72_CPUACTLR_DIS_INSTR_PREFETCH         (ULL(1) << 32)

diff --git a/lib/cpus/aarch32/cortex_a57.S b/lib/cpus/aarch32/cortex_a57.S
index f446bfffaa5459fbefcc45dc8beb70607ea57c54..dff86be7688875915178e8c184240063f9936596 100644 (file)
--- a/lib/cpus/aarch32/cortex_a57.S
+++ b/lib/cpus/aarch32/cortex_a57.S
@@ -337,6 +337,15 @@ func check_errata_cve_2017_5715
        bx      lr
 endfunc check_errata_cve_2017_5715
 
+func check_errata_cve_2018_3639
+#if WORKAROUND_CVE_2018_3639
+       mov     r0, #ERRATA_APPLIES
+#else
+       mov     r0, #ERRATA_MISSING
+#endif
+       bx      lr
+endfunc check_errata_cve_2018_3639
+
        /* -------------------------------------------------
         * The CPU Ops reset function for Cortex-A57.
         * Shall clobber: r0-r6
@@ -392,6 +401,14 @@ func cortex_a57_reset_func
        bl      errata_a57_859972_wa
 #endif
 
+#if WORKAROUND_CVE_2018_3639
+       ldcopr16        r0, r1, CORTEX_A57_CPUACTLR
+       orr64_imm       r0, r1, CORTEX_A57_CPUACTLR_DIS_LOAD_PASS_STORE
+       stcopr16        r0, r1, CORTEX_A57_CPUACTLR
+       isb
+       dsb     sy
+#endif
+
        /* ---------------------------------------------
         * Enable the SMP bit.
         * ---------------------------------------------
@@ -525,6 +542,7 @@ func cortex_a57_errata_report
        report_errata ERRATA_A57_833471, cortex_a57, 833471
        report_errata ERRATA_A57_859972, cortex_a57, 859972
        report_errata WORKAROUND_CVE_2017_5715, cortex_a57, cve_2017_5715
+       report_errata WORKAROUND_CVE_2018_3639, cortex_a57, cve_2018_3639
 
        pop     {r12, lr}
        bx      lr

diff --git a/lib/cpus/aarch32/cortex_a72.S b/lib/cpus/aarch32/cortex_a72.S
index 56e91f5c0147b551282632fe15ccd843bba8a818..3bc3388bc3fce9f231f3fc0aebc7a6adb05fe4dd 100644 (file)
--- a/lib/cpus/aarch32/cortex_a72.S
+++ b/lib/cpus/aarch32/cortex_a72.S
@@ -92,6 +92,15 @@ func check_errata_cve_2017_5715
        bx      lr
 endfunc check_errata_cve_2017_5715
 
+func check_errata_cve_2018_3639
+#if WORKAROUND_CVE_2018_3639
+       mov     r0, #ERRATA_APPLIES
+#else
+       mov     r0, #ERRATA_MISSING
+#endif
+       bx      lr
+endfunc check_errata_cve_2018_3639
+
        /* -------------------------------------------------
         * The CPU Ops reset function for Cortex-A72.
         * -------------------------------------------------
@@ -105,6 +114,15 @@ func cortex_a72_reset_func
        mov     r0, r4
        bl      errata_a72_859971_wa
 #endif
+
+#if WORKAROUND_CVE_2018_3639
+       ldcopr16        r0, r1, CORTEX_A72_CPUACTLR
+       orr64_imm       r0, r1, CORTEX_A72_CPUACTLR_DIS_LOAD_PASS_STORE
+       stcopr16        r0, r1, CORTEX_A72_CPUACTLR
+       isb
+       dsb     sy
+#endif
+
        /* ---------------------------------------------
         * Enable the SMP bit.
         * ---------------------------------------------
@@ -241,6 +259,7 @@ func cortex_a72_errata_report
         */
        report_errata ERRATA_A72_859971, cortex_a72, 859971
        report_errata WORKAROUND_CVE_2017_5715, cortex_a72, cve_2017_5715
+       report_errata WORKAROUND_CVE_2018_3639, cortex_a72, cve_2018_3639
 
        pop     {r12, lr}
        bx      lr