fix(security): optimisations for CVE-2022-23960
Optimised the loop workaround for Spectre_BHB mitigation:
1. use of speculation barrier for cores implementing SB instruction.
2. use str/ldr instead of stp/ldp as the loop uses only X2 register.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I8ac53ea1e42407ad8004c1d59c05f791011f195d
diff --git a/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S b/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
index e0e41cc..ceb93f1 100644
--- a/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
+++ b/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
@@ -9,11 +9,11 @@
#if WORKAROUND_CVE_2022_23960
/*
* This macro applies the mitigation for CVE-2022-23960.
- * The macro saves x2-x3 to the CPU context.
+ * The macro saves x2 to the CPU context.
* SP should point to the CPU context.
*/
.macro apply_cve_2022_23960_bhb_wa _bhb_loop_count
- stp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+ str x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
/* CVE-BHB-NUM loop count */
mov x2, \_bhb_loop_count
@@ -24,8 +24,7 @@
2:
subs x2, x2, #1
bne 1b
- dsb sy
- isb
- ldp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+ speculation_barrier
+ ldr x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
.endm
#endif /* WORKAROUND_CVE_2022_23960 */