diff options
author | Jeenu Viswambharan <jeenu.viswambharan@arm.com> | 2018-11-15 11:38:03 +0000 |
---|---|---|
committer | Jeenu Viswambharan <jeenu.viswambharan@arm.com> | 2018-12-10 14:28:58 +0000 |
commit | 48e1d350a0021a9a2f7e34041f28273dee9eb885 (patch) | |
tree | 090c159d164bcb90c44b2e0101fc844a3754808f /services | |
parent | 19b56cf4a2251e5ffcab41cdd6dd8449f8b1402a (diff) |
AArch64: Use SSBS for CVE_2018_3639 mitigation
The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass
Safe) bit to mitigate against Variant 4 vulnerabilities. Although an
Armv8.5 feature, this can be implemented by CPUs implementing earlier
version of the architecture.
With this patch, when both PSTATE.SSBS is implemented and
DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for
SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to
indicate that mitigation on the PE is either permanently enabled or not
required.
When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset
of every BL stage. This means that EL3 always executes with mitigation
applied.
For Cortex A76, if the PE implements SSBS, the existing mitigation (by
using a different vector table, and tweaking CPU ACTLR2) is not used.
Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Diffstat (limited to 'services')
-rw-r--r-- | services/arm_arch_svc/arm_arch_svc_setup.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/services/arm_arch_svc/arm_arch_svc_setup.c b/services/arm_arch_svc/arm_arch_svc_setup.c index 45c4704e..3a5299fd 100644 --- a/services/arm_arch_svc/arm_arch_svc_setup.c +++ b/services/arm_arch_svc/arm_arch_svc_setup.c @@ -30,9 +30,27 @@ static int32_t smccc_arch_features(u_register_t arg) return 1; return 0; /* ERRATA_APPLIES || ERRATA_MISSING */ #endif + #if WORKAROUND_CVE_2018_3639 - case SMCCC_ARCH_WORKAROUND_2: + case SMCCC_ARCH_WORKAROUND_2: { #if DYNAMIC_WORKAROUND_CVE_2018_3639 + unsigned long long ssbs; + + /* + * Firmware doesn't have to carry out dynamic workaround if the + * PE implements architectural Speculation Store Bypass Safe + * (SSBS) feature. + */ + ssbs = (read_id_aa64pfr0_el1() >> ID_AA64PFR1_EL1_SSBS_SHIFT) & + ID_AA64PFR1_EL1_SSBS_MASK; + + /* + * If architectural SSBS is available on this PE, no firmware + * mitigation via SMCCC_ARCH_WORKAROUND_2 is required. + */ + if (ssbs != SSBS_UNAVAILABLE) + return 1; + /* * On a platform where at least one CPU requires * dynamic mitigation but others are either unaffected @@ -50,7 +68,11 @@ static int32_t smccc_arch_features(u_register_t arg) /* Either the CPUs are unaffected or permanently mitigated */ return SMCCC_ARCH_NOT_REQUIRED; #endif + } #endif + + /* Fallthrough */ + default: return SMC_UNK; } |