diff --git a/include/lib/cpus/aarch64/cpu_macros.S b/include/lib/cpus/aarch64/cpu_macros.S index ccf5306..6c3a5b9 100644 --- a/include/lib/cpus/aarch64/cpu_macros.S +++ b/include/lib/cpus/aarch64/cpu_macros.S @@ -229,3 +229,18 @@ #endif #endif /* __CPU_MACROS_S__ */ + + /* + * This macro is used on some CPUs to detect if they are vulnerable + * to CVE-2017-5715. + */ + .macro cpu_check_csv2 _reg _label + mrs \_reg, id_aa64pfr0_el1 + ubfx \_reg, \_reg, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH + /* + * If the field equals to 1 then branch targets trained in one + * context cannot affect speculative execution in a different context. + */ + cmp \_reg, #1 + beq \_label + .endm diff --git a/lib/cpus/aarch64/cortex_a72.S b/lib/cpus/aarch64/cortex_a72.S index 9633aa8..199820c 100644 --- a/lib/cpus/aarch64/cortex_a72.S +++ b/lib/cpus/aarch64/cortex_a72.S @@ -98,12 +98,16 @@ endfunc check_errata_859971 func check_errata_cve_2017_5715 + cpu_check_csv2 x0, 1f #if WORKAROUND_CVE_2017_5715 mov x0, #ERRATA_APPLIES #else mov x0, #ERRATA_MISSING #endif ret +1: + mov x0, #ERRATA_NOT_APPLIES + ret endfunc check_errata_cve_2017_5715 /* ------------------------------------------------- @@ -121,8 +125,10 @@ #endif #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 + cpu_check_csv2 x0, 1f adr x0, workaround_mmu_runtime_exceptions msr vbar_el3, x0 +1: #endif /* --------------------------------------------- diff --git a/lib/cpus/aarch64/cortex_a73.S b/lib/cpus/aarch64/cortex_a73.S index 11680a0..63d16f9 100644 --- a/lib/cpus/aarch64/cortex_a73.S +++ b/lib/cpus/aarch64/cortex_a73.S @@ -37,8 +37,10 @@ func cortex_a73_reset_func #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 + cpu_check_csv2 x0, 1f adr x0, workaround_bpiall_vbar0_runtime_exceptions msr vbar_el3, x0 +1: #endif /* --------------------------------------------- @@ -115,12 +117,16 @@ endfunc cortex_a73_cluster_pwr_dwn func check_errata_cve_2017_5715 + cpu_check_csv2 x0, 1f #if WORKAROUND_CVE_2017_5715 mov x0, #ERRATA_APPLIES #else mov x0, #ERRATA_MISSING #endif ret +1: + mov x0, #ERRATA_NOT_APPLIES + ret endfunc check_errata_cve_2017_5715 #if REPORT_ERRATA diff --git a/lib/cpus/aarch64/cortex_a75.S b/lib/cpus/aarch64/cortex_a75.S index 12ea304..d102795 100644 --- a/lib/cpus/aarch64/cortex_a75.S +++ b/lib/cpus/aarch64/cortex_a75.S @@ -12,15 +12,7 @@ func cortex_a75_reset_func #if IMAGE_BL31 && WORKAROUND_CVE_2017_5715 - mrs x0, id_aa64pfr0_el1 - ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH - /* - * If the field equals to 1 then branch targets trained in one - * context cannot affect speculative execution in a different context. - */ - cmp x0, #1 - beq 1f - + cpu_check_csv2 x0, 1f adr x0, workaround_bpiall_vbar0_runtime_exceptions msr vbar_el3, x0 1: @@ -53,15 +45,7 @@ endfunc cortex_a75_reset_func func check_errata_cve_2017_5715 - mrs x0, id_aa64pfr0_el1 - ubfx x0, x0, #ID_AA64PFR0_CSV2_SHIFT, #ID_AA64PFR0_CSV2_LENGTH - /* - * If the field equals to 1 then branch targets trained in one - * context cannot affect speculative execution in a different context. - */ - cmp x0, #1 - beq 1f - + cpu_check_csv2 x0, 1f #if WORKAROUND_CVE_2017_5715 mov x0, #ERRATA_APPLIES #else