Implement static workaround for CVE-2018-3639 For affected CPUs, this approach enables the mitigation during EL3 initialization, following every PE reset. No mechanism is provided to disable the mitigation at runtime. This approach permanently mitigates the entire software stack and no additional mitigation code is required in other software components. TF-A implements this approach for the following affected CPUs: * Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of `CPUACTLR_EL1` (`S3_1_C15_C2_0`). * Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the Technical Reference Manual (TRM)). * Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1` (`S3_0_C15_C1_0`). Additionally, a new SMC interface is implemented to allow software executing in lower ELs to discover whether the system is mitigated against CVE-2018-3639. Refer to "Firmware interfaces for mitigating cache speculation vulnerabilities System Software on Arm Systems"[0] for more information. [0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

commit: e6625ec35824ad45c115fa3c43702bbd5aa05f2c [log] [tgz]
author: Dimitris Papastamos <dimitris.papastamos@arm.com> Thu Apr 05 14:38:26 2018 +0100
committer: Dimitris Papastamos <dimitris.papastamos@arm.com> Wed May 23 12:45:48 2018 +0100
tree: 06c3f43c7cf979d11c86f7270d407d5edfd1d661
parent: 570c06a5f59a1d27d3d94b134e7fb54c6147803e [diff]
diff --git a/lib/cpus/aarch64/cortex_a57.S b/lib/cpus/aarch64/cortex_a57.S
index 8470c6c..721bb49 100644
--- a/lib/cpus/aarch64/cortex_a57.S
+++ b/lib/cpus/aarch64/cortex_a57.S

@@ -337,6 +337,15 @@
 	ret
 endfunc check_errata_cve_2017_5715
 
+func check_errata_cve_2018_3639
+#if WORKAROUND_CVE_2018_3639
+	mov	x0, #ERRATA_APPLIES
+#else
+	mov	x0, #ERRATA_MISSING
+#endif
+	ret
+endfunc check_errata_cve_2018_3639
+
 	/* -------------------------------------------------
 	 * The CPU Ops reset function for Cortex-A57.
 	 * Shall clobber: x0-x19
@@ -397,6 +406,14 @@
 	msr	vbar_el3, x0
 #endif
 
+#if WORKAROUND_CVE_2018_3639
+	mrs	x0, CORTEX_A57_CPUACTLR_EL1
+	orr	x0, x0, #CORTEX_A57_CPUACTLR_EL1_DIS_LOAD_PASS_STORE
+	msr	CORTEX_A57_CPUACTLR_EL1, x0
+	isb
+	dsb	sy
+#endif
+
 	/* ---------------------------------------------
 	 * Enable the SMP bit.
 	 * ---------------------------------------------
@@ -528,6 +545,7 @@
 	report_errata ERRATA_A57_833471, cortex_a57, 833471
 	report_errata ERRATA_A57_859972, cortex_a57, 859972
 	report_errata WORKAROUND_CVE_2017_5715, cortex_a57, cve_2017_5715
+	report_errata WORKAROUND_CVE_2018_3639, cortex_a57, cve_2018_3639
 
 	ldp	x8, x30, [sp], #16
 	ret

diff --git a/lib/cpus/aarch64/cortex_a72.S b/lib/cpus/aarch64/cortex_a72.S
index b67c987..6ef35cf 100644
--- a/lib/cpus/aarch64/cortex_a72.S
+++ b/lib/cpus/aarch64/cortex_a72.S

@@ -110,6 +110,15 @@
 	ret
 endfunc check_errata_cve_2017_5715
 
+func check_errata_cve_2018_3639
+#if WORKAROUND_CVE_2018_3639
+	mov	x0, #ERRATA_APPLIES
+#else
+	mov	x0, #ERRATA_MISSING
+#endif
+	ret
+endfunc check_errata_cve_2018_3639
+
 	/* -------------------------------------------------
 	 * The CPU Ops reset function for Cortex-A72.
 	 * -------------------------------------------------
@@ -131,6 +140,14 @@
 1:
 #endif
 
+#if WORKAROUND_CVE_2018_3639
+	mrs	x0, CORTEX_A72_CPUACTLR_EL1
+	orr	x0, x0, #CORTEX_A72_CPUACTLR_EL1_DIS_LOAD_PASS_STORE
+	msr	CORTEX_A72_CPUACTLR_EL1, x0
+	isb
+	dsb	sy
+#endif
+
 	/* ---------------------------------------------
 	 * Enable the SMP bit.
 	 * ---------------------------------------------
@@ -265,6 +282,7 @@
 	 */
 	report_errata ERRATA_A72_859971, cortex_a72, 859971
 	report_errata WORKAROUND_CVE_2017_5715, cortex_a72, cve_2017_5715
+	report_errata WORKAROUND_CVE_2018_3639, cortex_a72, cve_2018_3639
 
 	ldp	x8, x30, [sp], #16
 	ret

diff --git a/lib/cpus/aarch64/cortex_a73.S b/lib/cpus/aarch64/cortex_a73.S
index c66067d..2dbd515 100644
--- a/lib/cpus/aarch64/cortex_a73.S
+++ b/lib/cpus/aarch64/cortex_a73.S

@@ -43,6 +43,13 @@
 1:
 #endif
 
+#if WORKAROUND_CVE_2018_3639
+	mrs	x0, CORTEX_A73_IMP_DEF_REG1
+	orr	x0, x0, #CORTEX_A73_IMP_DEF_REG1_DISABLE_LOAD_PASS_STORE
+	msr	CORTEX_A73_IMP_DEF_REG1, x0
+	isb
+#endif
+
 	/* ---------------------------------------------
 	 * Enable the SMP bit.
 	 * Clobbers : x0
@@ -129,6 +136,15 @@
 	ret
 endfunc check_errata_cve_2017_5715
 
+func check_errata_cve_2018_3639
+#if WORKAROUND_CVE_2018_3639
+	mov	x0, #ERRATA_APPLIES
+#else
+	mov	x0, #ERRATA_MISSING
+#endif
+	ret
+endfunc check_errata_cve_2018_3639
+
 #if REPORT_ERRATA
 /*
  * Errata printing function for Cortex A75. Must follow AAPCS.
@@ -144,6 +160,7 @@
 	 * checking functions of each errata.
 	 */
 	report_errata WORKAROUND_CVE_2017_5715, cortex_a73, cve_2017_5715
+	report_errata WORKAROUND_CVE_2018_3639, cortex_a73, cve_2018_3639
 
 	ldp	x8, x30, [sp], #16
 	ret

diff --git a/lib/cpus/aarch64/cortex_a75.S b/lib/cpus/aarch64/cortex_a75.S
index f92e4ed..9cc2c01 100644
--- a/lib/cpus/aarch64/cortex_a75.S
+++ b/lib/cpus/aarch64/cortex_a75.S

@@ -18,6 +18,13 @@
 1:
 #endif
 
+#if WORKAROUND_CVE_2018_3639
+	mrs	x0, CORTEX_A75_CPUACTLR_EL1
+	orr	x0, x0, #CORTEX_A75_CPUACTLR_EL1_DISABLE_LOAD_PASS_STORE
+	msr	CORTEX_A75_CPUACTLR_EL1, x0
+	isb
+#endif
+
 #if ENABLE_AMU
 	/* Make sure accesses from EL0/EL1 and EL2 are not trapped to EL3 */
 	mrs	x0, actlr_el3
@@ -57,6 +64,15 @@
 	ret
 endfunc check_errata_cve_2017_5715
 
+func check_errata_cve_2018_3639
+#if WORKAROUND_CVE_2018_3639
+	mov	x0, #ERRATA_APPLIES
+#else
+	mov	x0, #ERRATA_MISSING
+#endif
+	ret
+endfunc check_errata_cve_2018_3639
+
 	/* ---------------------------------------------
 	 * HW will do the cache maintenance while powering down
 	 * ---------------------------------------------
@@ -88,6 +104,7 @@
 	 * checking functions of each errata.
 	 */
 	report_errata WORKAROUND_CVE_2017_5715, cortex_a75, cve_2017_5715
+	report_errata WORKAROUND_CVE_2018_3639, cortex_a75, cve_2018_3639
 
 	ldp	x8, x30, [sp], #16
 	ret

diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 3ba8c1f..31cd837 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk

@@ -17,6 +17,7 @@
 A57_DISABLE_NON_TEMPORAL_HINT	?=1
 
 WORKAROUND_CVE_2017_5715	?=1
+WORKAROUND_CVE_2018_3639	?=1
 
 # Process SKIP_A57_L1_FLUSH_PWR_DWN flag
 $(eval $(call assert_boolean,SKIP_A57_L1_FLUSH_PWR_DWN))
@@ -34,6 +35,10 @@
 $(eval $(call assert_boolean,WORKAROUND_CVE_2017_5715))
 $(eval $(call add_define,WORKAROUND_CVE_2017_5715))
 
+# Process WORKAROUND_CVE_2018_3639 flag
+$(eval $(call assert_boolean,WORKAROUND_CVE_2018_3639))
+$(eval $(call add_define,WORKAROUND_CVE_2018_3639))
+
 # CPU Errata Build flags.
 # These should be enabled by the platform if the erratum workaround needs to be
 # applied.
commit	e6625ec35824ad45c115fa3c43702bbd5aa05f2c	[log] [tgz]
author	Dimitris Papastamos <dimitris.papastamos@arm.com>	Thu Apr 05 14:38:26 2018 +0100
committer	Dimitris Papastamos <dimitris.papastamos@arm.com>	Wed May 23 12:45:48 2018 +0100
tree	06c3f43c7cf979d11c86f7270d407d5edfd1d661
parent	570c06a5f59a1d27d3d94b134e7fb54c6147803e [diff]