From 2c3a10780df3317c004de74fbe85df53daab94e5 Mon Sep 17 00:00:00 2001 From: Dimitris Papastamos Date: Fri, 6 Apr 2018 15:29:34 +0100 Subject: Rename symbols and files relating to CVE-2017-5715 This patch renames symbols and files relating to CVE-2017-5715 to make it easier to introduce new symbols and files for new CVE mitigations. Change-Id: I24c23822862ca73648c772885f1690bed043dbc7 Signed-off-by: Dimitris Papastamos --- bl32/sp_min/sp_min.mk | 4 +- bl32/sp_min/wa_cve_2017_5715_bpiall.S | 74 ++++++++++++++++++++++ bl32/sp_min/wa_cve_2017_5715_icache_inv.S | 75 +++++++++++++++++++++++ bl32/sp_min/workaround_cve_2017_5715_bpiall.S | 74 ---------------------- bl32/sp_min/workaround_cve_2017_5715_icache_inv.S | 75 ----------------------- 5 files changed, 151 insertions(+), 151 deletions(-) create mode 100644 bl32/sp_min/wa_cve_2017_5715_bpiall.S create mode 100644 bl32/sp_min/wa_cve_2017_5715_icache_inv.S delete mode 100644 bl32/sp_min/workaround_cve_2017_5715_bpiall.S delete mode 100644 bl32/sp_min/workaround_cve_2017_5715_icache_inv.S (limited to 'bl32') diff --git a/bl32/sp_min/sp_min.mk b/bl32/sp_min/sp_min.mk index 193b1d5e..6233299d 100644 --- a/bl32/sp_min/sp_min.mk +++ b/bl32/sp_min/sp_min.mk @@ -29,8 +29,8 @@ BL32_SOURCES += lib/extensions/amu/aarch32/amu.c\ endif ifeq (${WORKAROUND_CVE_2017_5715},1) -BL32_SOURCES += bl32/sp_min/workaround_cve_2017_5715_bpiall.S \ - bl32/sp_min/workaround_cve_2017_5715_icache_inv.S +BL32_SOURCES += bl32/sp_min/wa_cve_2017_5715_bpiall.S \ + bl32/sp_min/wa_cve_2017_5715_icache_inv.S endif BL32_LINKERFILE := bl32/sp_min/sp_min.ld.S diff --git a/bl32/sp_min/wa_cve_2017_5715_bpiall.S b/bl32/sp_min/wa_cve_2017_5715_bpiall.S new file mode 100644 index 00000000..385f3d4b --- /dev/null +++ b/bl32/sp_min/wa_cve_2017_5715_bpiall.S @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include + + .globl wa_cve_2017_5715_bpiall_vbar + +vector_base wa_cve_2017_5715_bpiall_vbar + /* We encode the exception entry in the bottom 3 bits of SP */ + add sp, sp, #1 /* Reset: 0b111 */ + add sp, sp, #1 /* Undef: 0b110 */ + add sp, sp, #1 /* Syscall: 0b101 */ + add sp, sp, #1 /* Prefetch abort: 0b100 */ + add sp, sp, #1 /* Data abort: 0b011 */ + add sp, sp, #1 /* Reserved: 0b010 */ + add sp, sp, #1 /* IRQ: 0b001 */ + nop /* FIQ: 0b000 */ + + /* + * Invalidate the branch predictor, `r0` is a dummy register + * and is unused. + */ + stcopr r0, BPIALL + isb + + /* + * As we cannot use any temporary registers and cannot + * clobber SP, we can decode the exception entry using + * an unrolled binary search. + * + * Note, if this code is re-used by other secure payloads, + * the below exception entry vectors must be changed to + * the vectors specific to that secure payload. + */ + + tst sp, #4 + bne 1f + + tst sp, #2 + bne 3f + + /* Expected encoding: 0x1 and 0x0 */ + tst sp, #1 + /* Restore original value of SP by clearing the bottom 3 bits */ + bic sp, sp, #0x7 + bne plat_panic_handler /* IRQ */ + b sp_min_handle_fiq /* FIQ */ + +1: + tst sp, #2 + bne 2f + + /* Expected encoding: 0x4 and 0x5 */ + tst sp, #1 + bic sp, sp, #0x7 + bne sp_min_handle_smc /* Syscall */ + b plat_panic_handler /* Prefetch abort */ + +2: + /* Expected encoding: 0x7 and 0x6 */ + tst sp, #1 + bic sp, sp, #0x7 + bne sp_min_entrypoint /* Reset */ + b plat_panic_handler /* Undef */ + +3: + /* Expected encoding: 0x2 and 0x3 */ + tst sp, #1 + bic sp, sp, #0x7 + bne plat_panic_handler /* Data abort */ + b plat_panic_handler /* Reserved */ diff --git a/bl32/sp_min/wa_cve_2017_5715_icache_inv.S b/bl32/sp_min/wa_cve_2017_5715_icache_inv.S new file mode 100644 index 00000000..d0a46250 --- /dev/null +++ b/bl32/sp_min/wa_cve_2017_5715_icache_inv.S @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include + + .globl wa_cve_2017_5715_icache_inv_vbar + +vector_base wa_cve_2017_5715_icache_inv_vbar + /* We encode the exception entry in the bottom 3 bits of SP */ + add sp, sp, #1 /* Reset: 0b111 */ + add sp, sp, #1 /* Undef: 0b110 */ + add sp, sp, #1 /* Syscall: 0b101 */ + add sp, sp, #1 /* Prefetch abort: 0b100 */ + add sp, sp, #1 /* Data abort: 0b011 */ + add sp, sp, #1 /* Reserved: 0b010 */ + add sp, sp, #1 /* IRQ: 0b001 */ + nop /* FIQ: 0b000 */ + + /* + * Invalidate the instruction cache, which we assume also + * invalidates the branch predictor. This may depend on + * other CPU specific changes (e.g. an ACTLR setting). + */ + stcopr r0, ICIALLU + isb + + /* + * As we cannot use any temporary registers and cannot + * clobber SP, we can decode the exception entry using + * an unrolled binary search. + * + * Note, if this code is re-used by other secure payloads, + * the below exception entry vectors must be changed to + * the vectors specific to that secure payload. + */ + + tst sp, #4 + bne 1f + + tst sp, #2 + bne 3f + + /* Expected encoding: 0x1 and 0x0 */ + tst sp, #1 + /* Restore original value of SP by clearing the bottom 3 bits */ + bic sp, sp, #0x7 + bne plat_panic_handler /* IRQ */ + b sp_min_handle_fiq /* FIQ */ + +1: + /* Expected encoding: 0x4 and 0x5 */ + tst sp, #2 + bne 2f + + tst sp, #1 + bic sp, sp, #0x7 + bne sp_min_handle_smc /* Syscall */ + b plat_panic_handler /* Prefetch abort */ + +2: + /* Expected encoding: 0x7 and 0x6 */ + tst sp, #1 + bic sp, sp, #0x7 + bne sp_min_entrypoint /* Reset */ + b plat_panic_handler /* Undef */ + +3: + /* Expected encoding: 0x2 and 0x3 */ + tst sp, #1 + bic sp, sp, #0x7 + bne plat_panic_handler /* Data abort */ + b plat_panic_handler /* Reserved */ diff --git a/bl32/sp_min/workaround_cve_2017_5715_bpiall.S b/bl32/sp_min/workaround_cve_2017_5715_bpiall.S deleted file mode 100644 index 5387cefc..00000000 --- a/bl32/sp_min/workaround_cve_2017_5715_bpiall.S +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include - - .globl workaround_bpiall_runtime_exceptions - -vector_base workaround_bpiall_runtime_exceptions - /* We encode the exception entry in the bottom 3 bits of SP */ - add sp, sp, #1 /* Reset: 0b111 */ - add sp, sp, #1 /* Undef: 0b110 */ - add sp, sp, #1 /* Syscall: 0b101 */ - add sp, sp, #1 /* Prefetch abort: 0b100 */ - add sp, sp, #1 /* Data abort: 0b011 */ - add sp, sp, #1 /* Reserved: 0b010 */ - add sp, sp, #1 /* IRQ: 0b001 */ - nop /* FIQ: 0b000 */ - - /* - * Invalidate the branch predictor, `r0` is a dummy register - * and is unused. - */ - stcopr r0, BPIALL - isb - - /* - * As we cannot use any temporary registers and cannot - * clobber SP, we can decode the exception entry using - * an unrolled binary search. - * - * Note, if this code is re-used by other secure payloads, - * the below exception entry vectors must be changed to - * the vectors specific to that secure payload. - */ - - tst sp, #4 - bne 1f - - tst sp, #2 - bne 3f - - /* Expected encoding: 0x1 and 0x0 */ - tst sp, #1 - /* Restore original value of SP by clearing the bottom 3 bits */ - bic sp, sp, #0x7 - bne plat_panic_handler /* IRQ */ - b sp_min_handle_fiq /* FIQ */ - -1: - tst sp, #2 - bne 2f - - /* Expected encoding: 0x4 and 0x5 */ - tst sp, #1 - bic sp, sp, #0x7 - bne sp_min_handle_smc /* Syscall */ - b plat_panic_handler /* Prefetch abort */ - -2: - /* Expected encoding: 0x7 and 0x6 */ - tst sp, #1 - bic sp, sp, #0x7 - bne sp_min_entrypoint /* Reset */ - b plat_panic_handler /* Undef */ - -3: - /* Expected encoding: 0x2 and 0x3 */ - tst sp, #1 - bic sp, sp, #0x7 - bne plat_panic_handler /* Data abort */ - b plat_panic_handler /* Reserved */ diff --git a/bl32/sp_min/workaround_cve_2017_5715_icache_inv.S b/bl32/sp_min/workaround_cve_2017_5715_icache_inv.S deleted file mode 100644 index 9102b02f..00000000 --- a/bl32/sp_min/workaround_cve_2017_5715_icache_inv.S +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include - - .globl workaround_icache_inv_runtime_exceptions - -vector_base workaround_icache_inv_runtime_exceptions - /* We encode the exception entry in the bottom 3 bits of SP */ - add sp, sp, #1 /* Reset: 0b111 */ - add sp, sp, #1 /* Undef: 0b110 */ - add sp, sp, #1 /* Syscall: 0b101 */ - add sp, sp, #1 /* Prefetch abort: 0b100 */ - add sp, sp, #1 /* Data abort: 0b011 */ - add sp, sp, #1 /* Reserved: 0b010 */ - add sp, sp, #1 /* IRQ: 0b001 */ - nop /* FIQ: 0b000 */ - - /* - * Invalidate the instruction cache, which we assume also - * invalidates the branch predictor. This may depend on - * other CPU specific changes (e.g. an ACTLR setting). - */ - stcopr r0, ICIALLU - isb - - /* - * As we cannot use any temporary registers and cannot - * clobber SP, we can decode the exception entry using - * an unrolled binary search. - * - * Note, if this code is re-used by other secure payloads, - * the below exception entry vectors must be changed to - * the vectors specific to that secure payload. - */ - - tst sp, #4 - bne 1f - - tst sp, #2 - bne 3f - - /* Expected encoding: 0x1 and 0x0 */ - tst sp, #1 - /* Restore original value of SP by clearing the bottom 3 bits */ - bic sp, sp, #0x7 - bne plat_panic_handler /* IRQ */ - b sp_min_handle_fiq /* FIQ */ - -1: - /* Expected encoding: 0x4 and 0x5 */ - tst sp, #2 - bne 2f - - tst sp, #1 - bic sp, sp, #0x7 - bne sp_min_handle_smc /* Syscall */ - b plat_panic_handler /* Prefetch abort */ - -2: - /* Expected encoding: 0x7 and 0x6 */ - tst sp, #1 - bic sp, sp, #0x7 - bne sp_min_entrypoint /* Reset */ - b plat_panic_handler /* Undef */ - -3: - /* Expected encoding: 0x2 and 0x3 */ - tst sp, #1 - bic sp, sp, #0x7 - bne plat_panic_handler /* Data abort */ - b plat_panic_handler /* Reserved */ -- cgit v1.2.3