2020-01-22 |
Prevent speculative execution past ERET
...
Even though ERET always causes a jump to another address, aarch64 CPUs
speculatively execute following instructions as if the ERET
instruction was not a jump instruction.
The speculative execution does not cross privilege-levels (to the jump
target as one would expect), but it continues on the kernel privilege
level as if the ERET instruction did not change the control flow -
thus execution anything that is accidentally linked after the ERET
instruction. Later, the results of this speculative execution are
always architecturally discarded, however they can leak data using
microarchitectural side channels. This speculative execution is very
reliable (seems to be unconditional) and it manages to complete even
relatively performance-heavy operations (e.g. multiple dependent
fetches from uncached memory).
This was fixed in Linux, FreeBSD, OpenBSD and Optee OS:
https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8
https://github.com/freebsd/freebsd/commit/29fb48ace4186a41c409fde52bcf4216e9e50b61
https://github.com/openbsd/src/commit/3a08873ece1cb28ace89fd65e8f3c1375cc98de2
https://github.com/OP-TEE/optee_os/commit/abfd092aa19f9c0251e3d5551e2d68a9ebcfec8a
It is demonstrated in a SafeSide example:
https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c
Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Change-Id: Iead39b0b9fb4b8d8b5609daaa8be81497ba63a0f
Anthony Steinhauser
committed
on 22 Jan 2020
|
2019-12-23 |
Workaround for Hercules erratum 1688305
...
Erratum 1688305 is a Cat B erratum present in r0p0, r0p1 versions
of Hercules core. The erratum can be avoided by setting bit 1 of the
implementation defined register CPUACTLR2_EL1 to 1 to prevent store-
release from being dispatched before it is the oldest.
Change-Id: I2ac04f5d9423868b6cdd4ceb3d0ffa46e570efed
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Madhukar Pappireddy
committed
on 23 Dec 2019
|
2019-10-24 |
Fix white space errors + remove #if defined
...
Fix a few white space errors and remove #if defined in workaround
for N1 Errata 1542419.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I07ac5a2fd50cd63de53c06e3d0f8262871b62fad
laurenw-arm
committed
on 24 Oct 2019
|
2019-10-07 |
Merge "Neoverse N1 Errata Workaround 1542419" into integration
Soby Mathew
authored
on 7 Oct 2019
TrustedFirmware Code Review
committed
on 7 Oct 2019
|
2019-10-04 |
Neoverse N1 Errata Workaround 1542419
...
Coherent I-cache is causing a prefetch violation where when the core
executes an instruction that has recently been modified, the core might
fetch a stale instruction which violates the ordering of instruction
fetches.
The workaround includes an instruction sequence to implementation
defined registers to trap all EL0 IC IVAU instructions to EL3 and a trap
handler to execute a TLB inner-shareable invalidation to an arbitrary
address followed by a DSB.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ic3b7cbb11cf2eaf9005523ef5578a372593ae4d6
laurenw-arm
authored
on 20 Aug 2019
Deepika Bhavnani
committed
on 4 Oct 2019
|
2019-10-03 |
Introducing support for Cortex-A65AE
...
Change-Id: I1ea2bf088f1e001cdbd377cbfb7c6a2866af0422
Signed-off-by: Imre Kis <imre.kis@arm.com>
Imre Kis
committed
on 3 Oct 2019
|
2019-10-02 |
Introducing support for Cortex-A65
...
Change-Id: I645442d52a295706948e2cac88c36c1a3cb0bc47
Signed-off-by: Imre Kis <imre.kis@arm.com>
Imre Kis
committed
on 2 Oct 2019
|
2019-09-30 |
Cortex_hercules: Add support for Hercules-AE
...
Not tested on FVP Model.
Change-Id: Iedebc5c1fbc7ea577e94142b7feafa5546f1f4f9
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Artsem Artsemenka
committed
on 30 Sep 2019
|
2019-09-11 |
Zeus: apply the MSR SSBS instruction
...
Zeus supports the SSBS mechanism and also the new MSR instruction to
immediately apply the mitigation. Hence, the new instruction is utilised
in the Zeus-specific reset function.
Change-Id: I962747c28afe85a15207a0eba4146f9a115b27e7
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
John Tsichritzis
committed
on 11 Sep 2019
|
2019-08-20 |
Merge "Fix for N1 1043202 Errata Workaround" into integration
Alexei Fedorov
authored
on 20 Aug 2019
TrustedFirmware Code Review
committed
on 20 Aug 2019
|
2019-08-19 |
Fix for N1 1043202 Errata Workaround
...
ISB instruction was removed from the N1 1043202 Errata Workaround [1], this
fix is adding the ISB instruction back in.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I74eac7f6ad38991c36d423ad6aa44558033ad388
laurenw-arm
committed
on 19 Aug 2019
|
2019-08-16 |
FVP_Base_AEMv8A platform: Fix cache maintenance operations
...
This patch fixes FVP_Base_AEMv8A model hang issue with
ARMv8.4+ with cache modelling enabled configuration.
Incorrect L1 cache flush operation to PoU, using CLIDR_EL1
LoUIS field, which is required by the architecture to be
zero for ARMv8.4-A with ARMv8.4-S2FWB feature is replaced
with L1 to L2 and L2 to L3 (if L3 is present) cache flushes.
FVP_Base_AEMv8A model can be configured with L3 enabled by
setting `cluster0.l3cache-size` and `cluster1.l3cache-size`
to non-zero values, and presence of L3 is checked in
`aem_generic_core_pwr_dwn` function by reading
CLIDR_EL1.Ctype3 field value.
Change-Id: If3de3d4eb5ed409e5b4ccdbc2fe6d5a01894a9af
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Alexei Fedorov
authored
on 29 Jul 2019
Paul Beesley
committed
on 16 Aug 2019
|
2019-07-31 |
Enable AMU for Cortex-Hercules
...
Change-Id: Ie0a94783d0c8e111ae19fd592304e6485f04ca29
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Balint Dobszay
authored
on 15 Jul 2019
Bálint Dobszay
committed
on 31 Jul 2019
|
2019-07-16 |
Cortex_hercules: Introduce preliminary cpu support
...
Change-Id: Iab767e9937f5c6c8150953fcdc3b37e8ee83fa63
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 16 Jul 2019
|
2019-07-10 |
Rename Cortex-Deimos to Cortex-A77
...
Change-Id: I755e4c42242d9a052570fd1132ca3d937acadb13
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Balint Dobszay
committed
on 10 Jul 2019
|
2019-07-02 |
Removing redundant ISB instructions
...
Replacing ISB instructions in each Errata workaround with a single ISB
instruction before the RET in the reset handler.
Change-Id: I08afabc5b98986a6fe81664cd13822b36cab786f
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
lauwal01
committed
on 2 Jul 2019
|
Workaround for Neoverse N1 erratum 1275112
...
Neoverse N1 erratum 1275112 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which delays instruction fetch after
branch misprediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: If7fe55fe92e656fa6aea12327ab297f2e6119833
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
lauwal01
committed
on 2 Jul 2019
|
Workaround for Neoverse N1 erratum 1262888
...
Neoverse N1 erratum 1262888 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUECTLR_EL1 system register, which disables the MMU hardware prefetcher.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Ib733d748e32a7ea6a2783f3d5a9c5e13eee01105
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
lauwal01
committed
on 2 Jul 2019
|
Workaround for Neoverse N1 erratum 1262606
...
Neoverse N1 erratum 1262606 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which delays instruction fetch after
branch misprediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Idd980e9d5310232d38f0ce272862e1fb0f02ce9a
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
lauwal01
committed
on 2 Jul 2019
|
Workaround for Neoverse N1 erratum 1257314
...
Neoverse N1 erratum 1257314 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR3_EL1 system register, which prevents parallel
execution of divide and square root instructions.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I54f0f40ff9043efee40d51e796b92ed85b394cbb
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
lauwal01
committed
on 2 Jul 2019
|
Workaround for Neoverse N1 erratum 1220197
...
Neoverse N1 erratum 1220197 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set two bits in the implementation defined
CPUECTLR_EL1 system register, which disables write streaming to the L2.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I9c3373f1b6d67d21ee71b2b80aec5e96826818e8
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
lauwal01
committed
on 2 Jul 2019
|
Workaround for Neoverse N1 erratum 1207823
...
Neoverse N1 erratum 1207823 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: Ia932337821f1ef0d644db3612480462a8d924d21
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
lauwal01
committed
on 2 Jul 2019
|
Workaround for Neoverse N1 erratum 1165347
...
Neoverse N1 erratum 1165347 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set two bits in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I163d0ea00578245c1323d2340314cdc3088c450d
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
lauwal01
committed
on 2 Jul 2019
|
Workaround for Neoverse N1 erratum 1130799
...
Neoverse N1 erratum 1130799 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR2_EL1 system register.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I252bc45f9733443ba0503fefe62f50fdea61da6d
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
lauwal01
committed
on 2 Jul 2019
|
Workaround for Neoverse N1 erratum 1073348
...
Neoverse N1 erratum 1073348 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which disables static prediction.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html
Change-Id: I674126c0af6e068eecb379a190bcf7c75dcbca8e
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
lauwal01
committed
on 2 Jul 2019
|
2019-06-17 |
Merge "DSU: Apply erratum 936184 for Neoverse N1/E1" into integration
John Tsichritzis
authored
on 17 Jun 2019
TrustedFirmware Code Review
committed
on 17 Jun 2019
|
2019-06-11 |
DSU: Apply erratum 936184 for Neoverse N1/E1
...
Change-Id: Idd08914bcb945ad6aa0621e594c95df88ee8f9c8
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt
committed
on 11 Jun 2019
|
2019-06-10 |
Merge changes from topic "jts/ti_fix" into integration
...
* changes:
ti: k3: common: Remove coherency workaround for AM65x
ti: k3: common: Use coherent memory for shared data
Soby Mathew
authored
on 10 Jun 2019
TrustedFirmware Code Review
committed
on 10 Jun 2019
|
2019-06-07 |
Merge "Neoverse N1: Introduce workaround for Neoverse N1 erratum 1315703" into integration
John Tsichritzis
authored
on 7 Jun 2019
TrustedFirmware Code Review
committed
on 7 Jun 2019
|
2019-06-06 |
Neoverse N1: Introduce workaround for Neoverse N1 erratum 1315703
...
Neoverse N1 erratum 1315703 is a Cat A (rare) erratum [1], present in
older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined CPUACTLR2_EL1
system register, which will disable the load-bypass-store feature.
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdocpjdoc-466751330-1032/index.html
Change-Id: I5c708dbe0efa4daa0bcb6bd9622c5efe19c03af9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara
committed
on 6 Jun 2019
|