Merge "fix(security): optimisations for CVE-2022-23960" into integration
diff --git a/include/arch/aarch64/asm_macros.S b/include/arch/aarch64/asm_macros.S
index 7706cd8..66c39e5 100644
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@@ -215,6 +215,19 @@
.endm
/*
+ * Macro for using speculation barrier instruction introduced by
+ * FEAT_SB, if it's enabled.
+ */
+ .macro speculation_barrier
+#if ENABLE_FEAT_SB
+ sb
+#else
+ dsb sy
+ isb
+#endif
+ .endm
+
+ /*
* Macro for mitigating against speculative execution beyond ERET. Uses the
* speculation barrier instruction introduced by FEAT_SB, if it's enabled.
*/
diff --git a/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S b/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
index e0e41cc..ceb93f1 100644
--- a/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
+++ b/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
@@ -9,11 +9,11 @@
#if WORKAROUND_CVE_2022_23960
/*
* This macro applies the mitigation for CVE-2022-23960.
- * The macro saves x2-x3 to the CPU context.
+ * The macro saves x2 to the CPU context.
* SP should point to the CPU context.
*/
.macro apply_cve_2022_23960_bhb_wa _bhb_loop_count
- stp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+ str x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
/* CVE-BHB-NUM loop count */
mov x2, \_bhb_loop_count
@@ -24,8 +24,7 @@
2:
subs x2, x2, #1
bne 1b
- dsb sy
- isb
- ldp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+ speculation_barrier
+ ldr x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
.endm
#endif /* WORKAROUND_CVE_2022_23960 */