fix(cpus): workaround for CVE-2024-5660 for Neoverse-V1 Implements mitigation for CVE-2024-5660 that affects Neoverse-V1 revisions r0p0, r1p0, r1p1, r1p2. The workaround is to disable the hardware page aggregation at EL3 by setting CPUECTLR_EL1[46] = 1'b1. Public Documentation: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660 Change-Id: Ia59452ea38c66b291790956d7f2880bfcd56d45f Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

commit: 3d4cc6ec2effca47386b929430631c16ccaaa296 [log] [tgz]
author: Sona Mathew <sonarebecca.mathew@arm.com> Thu May 23 16:04:30 2024 -0500
committer: Sona Mathew <sonarebecca.mathew@arm.com> Tue Dec 17 10:28:09 2024 -0600
tree: cffea7a2106aabd590a96eb218d3b16eccdf941f
parent: 7d68b0c83fddafc0b16df02c6312aad1b80b1e3d [diff]
diff --git a/lib/cpus/aarch64/neoverse_v1.S b/lib/cpus/aarch64/neoverse_v1.S
index 1ec3e94..d1a2c24 100644
--- a/lib/cpus/aarch64/neoverse_v1.S
+++ b/lib/cpus/aarch64/neoverse_v1.S

@@ -26,6 +26,13 @@
 	wa_cve_2022_23960_bhb_vector_table NEOVERSE_V1_BHB_LOOP_COUNT, neoverse_v1
 #endif /* WORKAROUND_CVE_2022_23960 */
 
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start neoverse_v1, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+	sysreg_bit_set NEOVERSE_V1_CPUECTLR_EL1, BIT(46)
+workaround_reset_end neoverse_v1, CVE(2024, 5660)
+
+check_erratum_ls neoverse_v1, CVE(2024, 5660), CPU_REV(1, 2)
+
 workaround_reset_start neoverse_v1, ERRATUM(1618635), ERRATA_V1_1618635
 	/* Inserts a DMB SY before and after MRS PAR_EL1 */
 	ldr	x0, =0x0
commit	3d4cc6ec2effca47386b929430631c16ccaaa296	[log] [tgz]
author	Sona Mathew <sonarebecca.mathew@arm.com>	Thu May 23 16:04:30 2024 -0500
committer	Sona Mathew <sonarebecca.mathew@arm.com>	Tue Dec 17 10:28:09 2024 -0600
tree	cffea7a2106aabd590a96eb218d3b16eccdf941f
parent	7d68b0c83fddafc0b16df02c6312aad1b80b1e3d [diff]