| Message ID | 20180125214559.27570-2-nm@ti.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | ARM: v7: Enable basic framework for supporting bits for CVE-2017-5715 | expand |
On 01/25/2018 10:45 PM, Nishanth Menon wrote: > As recommended by Arm in [1], IBE[2] has to be enabled unconditionally > for BPIALL to be functional on Cortex-A8 processors. Provide a config > option for platforms to enable this option based on impact analysis > for products. > > NOTE: This patch in itself is NOT the final solution, this requires: > a) Implementation of v7_arch_cp15_set_acr on SoCs which may not > provide direct access to ACR register. > b) Operating Systems such as Linux to provide adequate workaround in the right > locations. > > [1] https://developer.arm.com/support/security-update > [2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/Bgbffjhh.html > > Cc: Marc Zyngier <marc.zyngier@arm.com> > Cc: Russell King <linux@arm.linux.org.uk> > Cc: Tony Lindgren <tony@atomide.com> > Cc: Robin Murphy <robin.murphy@arm.com> > Cc: Florian Fainelli <f.fainelli@gmail.com> > Cc: Catalin Marinas <catalin.marinas@arm.com> > Cc: Will Deacon <will.deacon@arm.com> > Cc: Christoffer Dall <christoffer.dall@linaro.org> > Cc: Andre Przywara <Andre.Przywara@arm.com> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Tom Rini <trini@konsulko.com> > Cc: Michael Nazzareno Trimarchi <michael@amarulasolutions.com> > > Signed-off-by: Nishanth Menon <nm@ti.com> Bump ? Linux recently started checking for the IBE bit, so it'd be good to get this applied. > --- > arch/arm/Kconfig | 5 +++++ > arch/arm/cpu/armv7/start.S | 7 +++++-- > 2 files changed, 10 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig > index f6d57f5505ff..c2ac0fef9d0c 100644 > --- a/arch/arm/Kconfig > +++ b/arch/arm/Kconfig > @@ -86,6 +86,8 @@ config THUMB2_KERNEL > # CONFIG_ARM_ERRATA_621766 > # CONFIG_ARM_ERRATA_798870 > # CONFIG_ARM_ERRATA_801819 > +# CONFIG_ARM_CORTEX_A8_CVE_2017_5715 > + > config ARM_ERRATA_430973 > bool > > @@ -155,6 +157,9 @@ config ARM_ERRATA_852423 > config ARM_ERRATA_855873 > bool > > +config ARM_CORTEX_A8_CVE_2017_5715 > + bool > + > config CPU_ARM720T > bool > select SYS_CACHE_SHIFT_5 > diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S > index 7e2695761e98..64c5d7598dea 100644 > --- a/arch/arm/cpu/armv7/start.S > +++ b/arch/arm/cpu/armv7/start.S > @@ -249,12 +249,15 @@ skip_errata_801819: > pop {r1-r5} @ Restore the cpu info - fall through > #endif > > -#ifdef CONFIG_ARM_ERRATA_430973 > +#if defined(CONFIG_ARM_ERRATA_430973) || defined (CONFIG_ARM_CORTEX_A8_CVE_2017_5715) > mrc p15, 0, r0, c1, c0, 1 @ Read ACR > > +#ifdef CONFIG_ARM_CORTEX_A8_CVE_2017_5715 > + orr r0, r0, #(0x1 << 6) @ Set IBE bit always to enable OS WA > +#else > cmp r2, #0x21 @ Only on < r2p1 > orrlt r0, r0, #(0x1 << 6) @ Set IBE bit > - > +#endif > push {r1-r5} @ Save the cpu info registers > bl v7_arch_cp15_set_acr > pop {r1-r5} @ Restore the cpu info - fall through >
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index f6d57f5505ff..c2ac0fef9d0c 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -86,6 +86,8 @@ config THUMB2_KERNEL # CONFIG_ARM_ERRATA_621766 # CONFIG_ARM_ERRATA_798870 # CONFIG_ARM_ERRATA_801819 +# CONFIG_ARM_CORTEX_A8_CVE_2017_5715 + config ARM_ERRATA_430973 bool @@ -155,6 +157,9 @@ config ARM_ERRATA_852423 config ARM_ERRATA_855873 bool +config ARM_CORTEX_A8_CVE_2017_5715 + bool + config CPU_ARM720T bool select SYS_CACHE_SHIFT_5 diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S index 7e2695761e98..64c5d7598dea 100644 --- a/arch/arm/cpu/armv7/start.S +++ b/arch/arm/cpu/armv7/start.S @@ -249,12 +249,15 @@ skip_errata_801819: pop {r1-r5} @ Restore the cpu info - fall through #endif -#ifdef CONFIG_ARM_ERRATA_430973 +#if defined(CONFIG_ARM_ERRATA_430973) || defined (CONFIG_ARM_CORTEX_A8_CVE_2017_5715) mrc p15, 0, r0, c1, c0, 1 @ Read ACR +#ifdef CONFIG_ARM_CORTEX_A8_CVE_2017_5715 + orr r0, r0, #(0x1 << 6) @ Set IBE bit always to enable OS WA +#else cmp r2, #0x21 @ Only on < r2p1 orrlt r0, r0, #(0x1 << 6) @ Set IBE bit - +#endif push {r1-r5} @ Save the cpu info registers bl v7_arch_cp15_set_acr pop {r1-r5} @ Restore the cpu info - fall through
As recommended by Arm in [1], IBE[2] has to be enabled unconditionally for BPIALL to be functional on Cortex-A8 processors. Provide a config option for platforms to enable this option based on impact analysis for products. NOTE: This patch in itself is NOT the final solution, this requires: a) Implementation of v7_arch_cp15_set_acr on SoCs which may not provide direct access to ACR register. b) Operating Systems such as Linux to provide adequate workaround in the right locations. [1] https://developer.arm.com/support/security-update [2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/Bgbffjhh.html Cc: Marc Zyngier <marc.zyngier@arm.com> Cc: Russell King <linux@arm.linux.org.uk> Cc: Tony Lindgren <tony@atomide.com> Cc: Robin Murphy <robin.murphy@arm.com> Cc: Florian Fainelli <f.fainelli@gmail.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Christoffer Dall <christoffer.dall@linaro.org> Cc: Andre Przywara <Andre.Przywara@arm.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Tom Rini <trini@konsulko.com> Cc: Michael Nazzareno Trimarchi <michael@amarulasolutions.com> Signed-off-by: Nishanth Menon <nm@ti.com> --- arch/arm/Kconfig | 5 +++++ arch/arm/cpu/armv7/start.S | 7 +++++-- 2 files changed, 10 insertions(+), 2 deletions(-)