Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / aa00aff6f3c8a998d91f4b32acd053db1e6a5bcd^! / . / services / arm_arch_svc / arm_arch_svc_setup.c
commitaa00aff6f3c8a998d91f4b32acd053db1e6a5bcd[log] [tgz]
authorJeenu Viswambharan <jeenu.viswambharan@arm.com>Thu Nov 15 11:38:03 2018 +0000
committerJeenu Viswambharan <jeenu.viswambharan@arm.com>Mon Dec 10 14:28:58 2018 +0000
tree090c159d164bcb90c44b2e0101fc844a3754808f
parent026ec1fdff37b84ecb9ab1f9cae1910a210f6532 [diff] [blame]
AArch64: Use SSBS for CVE_2018_3639 mitigation

The Armv8.5 extensions introduces PSTATE.SSBS (Speculation Store Bypass
Safe) bit to mitigate against Variant 4 vulnerabilities. Although an
Armv8.5 feature, this can be implemented by CPUs implementing earlier
version of the architecture.

With this patch, when both PSTATE.SSBS is implemented and
DYNAMIC_WORKAROUND_CVE_2018_3639 is active, querying for
SMCCC_ARCH_WORKAROUND_2 via. SMCCC_ARCH_FEATURES call would return 1 to
indicate that mitigation on the PE is either permanently enabled or not
required.

When SSBS is implemented, SCTLR_EL3.DSSBS is initialized to 0 at reset
of every BL stage. This means that EL3 always executes with mitigation
applied.

For Cortex A76, if the PE implements SSBS, the existing mitigation (by
using a different vector table, and tweaking CPU ACTLR2) is not used.

Change-Id: Ib0386c5714184144d4747951751c2fc6ba4242b6
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

diff --git a/services/arm_arch_svc/arm_arch_svc_setup.c b/services/arm_arch_svc/arm_arch_svc_setup.c
index 45c4704..3a5299f 100644
--- a/services/arm_arch_svc/arm_arch_svc_setup.c
+++ b/services/arm_arch_svc/arm_arch_svc_setup.c

@@ -30,9 +30,27 @@
 			return 1;
 		return 0; /* ERRATA_APPLIES || ERRATA_MISSING */
 #endif
+
 #if WORKAROUND_CVE_2018_3639
-	case SMCCC_ARCH_WORKAROUND_2:
+	case SMCCC_ARCH_WORKAROUND_2: {
 #if DYNAMIC_WORKAROUND_CVE_2018_3639
+		unsigned long long ssbs;
+
+		/*
+		 * Firmware doesn't have to carry out dynamic workaround if the
+		 * PE implements architectural Speculation Store Bypass Safe
+		 * (SSBS) feature.
+		 */
+		ssbs = (read_id_aa64pfr0_el1() >> ID_AA64PFR1_EL1_SSBS_SHIFT) &
+			ID_AA64PFR1_EL1_SSBS_MASK;
+
+		/*
+		 * If architectural SSBS is available on this PE, no firmware
+		 * mitigation via SMCCC_ARCH_WORKAROUND_2 is required.
+		 */
+		if (ssbs != SSBS_UNAVAILABLE)
+			return 1;
+
 		/*
 		 * On a platform where at least one CPU requires
 		 * dynamic mitigation but others are either unaffected
@@ -50,7 +68,11 @@
 		/* Either the CPUs are unaffected or permanently mitigated */
 		return SMCCC_ARCH_NOT_REQUIRED;
 #endif
+	}
 #endif
+
+	/* Fallthrough */
+
 	default:
 		return SMC_UNK;
 	}