lib/cpus/aarch64/wa_cve_2017_5715_mmu.S

   1 /*
   2  * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
   3  *
   4  * SPDX-License-Identifier: BSD-3-Clause
   5  */
   6
   7 #include <arch.h>
   8 #include <asm_macros.S>
   9 #include <context.h>
  10 #include <services/arm_arch_svc.h>
  11
  12         .globl  wa_cve_2017_5715_mmu_vbar
  13
  14 #define ESR_EL3_A64_SMC0        0x5e000000
  15 #define ESR_EL3_A32_SMC0        0x4e000000
  16
  17 vector_base wa_cve_2017_5715_mmu_vbar
  18
  19         .macro  apply_cve_2017_5715_wa _is_sync_exception _esr_el3_val
  20         stp     x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
  21         mrs     x1, sctlr_el3
  22         /* Disable MMU */
  23         bic     x1, x1, #SCTLR_M_BIT
  24         msr     sctlr_el3, x1
  25         isb
  26         /* Enable MMU */
  27         orr     x1, x1, #SCTLR_M_BIT
  28         msr     sctlr_el3, x1
  29         /*
  30          * Defer ISB to avoid synchronizing twice in case we hit
  31          * the workaround SMC call which will implicitly synchronize
  32          * because of the ERET instruction.
  33          */
  34
  35         /*
  36          * Ensure SMC is coming from A64/A32 state on #0
  37          * with W0 = SMCCC_ARCH_WORKAROUND_1
  38          *
  39          * This sequence evaluates as:
  40          *    (W0==SMCCC_ARCH_WORKAROUND_1) ? (ESR_EL3==SMC#0) : (NE)
  41          * allowing use of a single branch operation
  42          */
  43         .if \_is_sync_exception
  44                 orr     w1, wzr, #SMCCC_ARCH_WORKAROUND_1
  45                 cmp     w0, w1
  46                 mrs     x0, esr_el3
  47                 mov_imm w1, \_esr_el3_val
  48                 ccmp    w0, w1, #0, eq
  49                 /* Static predictor will predict a fall through */
  50                 bne     1f
  51                 eret
  52 1:
  53         .endif
  54
  55         /*
  56          * Synchronize now to enable the MMU.  This is required
  57          * to ensure the load pair below reads the data stored earlier.
  58          */
  59         isb
  60         ldp     x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
  61         .endm
  62
  63         /* ---------------------------------------------------------------------
  64          * Current EL with SP_EL0 : 0x0 - 0x200
  65          * ---------------------------------------------------------------------
  66          */
  67 vector_entry mmu_sync_exception_sp_el0
  68         b       sync_exception_sp_el0
  69 end_vector_entry mmu_sync_exception_sp_el0
  70
  71 vector_entry mmu_irq_sp_el0
  72         b       irq_sp_el0
  73 end_vector_entry mmu_irq_sp_el0
  74
  75 vector_entry mmu_fiq_sp_el0
  76         b       fiq_sp_el0
  77 end_vector_entry mmu_fiq_sp_el0
  78
  79 vector_entry mmu_serror_sp_el0
  80         b       serror_sp_el0
  81 end_vector_entry mmu_serror_sp_el0
  82
  83         /* ---------------------------------------------------------------------
  84          * Current EL with SP_ELx: 0x200 - 0x400
  85          * ---------------------------------------------------------------------
  86          */
  87 vector_entry mmu_sync_exception_sp_elx
  88         b       sync_exception_sp_elx
  89 end_vector_entry mmu_sync_exception_sp_elx
  90
  91 vector_entry mmu_irq_sp_elx
  92         b       irq_sp_elx
  93 end_vector_entry mmu_irq_sp_elx
  94
  95 vector_entry mmu_fiq_sp_elx
  96         b       fiq_sp_elx
  97 end_vector_entry mmu_fiq_sp_elx
  98
  99 vector_entry mmu_serror_sp_elx
 100         b       serror_sp_elx
 101 end_vector_entry mmu_serror_sp_elx
 102
 103         /* ---------------------------------------------------------------------
 104          * Lower EL using AArch64 : 0x400 - 0x600
 105          * ---------------------------------------------------------------------
 106          */
 107 vector_entry mmu_sync_exception_aarch64
 108         apply_cve_2017_5715_wa _is_sync_exception=1 _esr_el3_val=ESR_EL3_A64_SMC0
 109         b       sync_exception_aarch64
 110 end_vector_entry mmu_sync_exception_aarch64
 111
 112 vector_entry mmu_irq_aarch64
 113         apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A64_SMC0
 114         b       irq_aarch64
 115 end_vector_entry mmu_irq_aarch64
 116
 117 vector_entry mmu_fiq_aarch64
 118         apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A64_SMC0
 119         b       fiq_aarch64
 120 end_vector_entry mmu_fiq_aarch64
 121
 122 vector_entry mmu_serror_aarch64
 123         apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A64_SMC0
 124         b       serror_aarch64
 125 end_vector_entry mmu_serror_aarch64
 126
 127         /* ---------------------------------------------------------------------
 128          * Lower EL using AArch32 : 0x600 - 0x800
 129          * ---------------------------------------------------------------------
 130          */
 131 vector_entry mmu_sync_exception_aarch32
 132         apply_cve_2017_5715_wa _is_sync_exception=1 _esr_el3_val=ESR_EL3_A32_SMC0
 133         b       sync_exception_aarch32
 134 end_vector_entry mmu_sync_exception_aarch32
 135
 136 vector_entry mmu_irq_aarch32
 137         apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A32_SMC0
 138         b       irq_aarch32
 139 end_vector_entry mmu_irq_aarch32
 140
 141 vector_entry mmu_fiq_aarch32
 142         apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A32_SMC0
 143         b       fiq_aarch32
 144 end_vector_entry mmu_fiq_aarch32
 145
 146 vector_entry mmu_serror_aarch32
 147         apply_cve_2017_5715_wa _is_sync_exception=0 _esr_el3_val=ESR_EL3_A32_SMC0
 148         b       serror_aarch32
 149 end_vector_entry mmu_serror_aarch32