| Message ID | 20180125214559.27570-3-nm@ti.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | ARM: v7: Enable basic framework for supporting bits for CVE-2017-5715 | expand |
On 01/26/2018 03:17 AM, Marc Zyngier wrote: > On 25/01/18 21:45, Nishanth Menon wrote: >> As recommended by Arm in [1], ACR needs to be set[2] to enable >> invalidation of BTB. This has to be enabled unconditionally for >> ICIALLU to be functional on Cortex-A15 processors. Provide a config > > Not quite. ACTLR[0] (Enable invalidates of BTB) has to be set for the > BTB to be invalidated on ICIALLU. ICIALLU itself is always functional > (otherwise, we'd have much bigger problems). > Thanks Marc. That did come out completely wrong! Sorry about that. will update once we have kernel side story complete.
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index c2ac0fef9d0c..116cee559ca4 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -87,6 +87,7 @@ config THUMB2_KERNEL # CONFIG_ARM_ERRATA_798870 # CONFIG_ARM_ERRATA_801819 # CONFIG_ARM_CORTEX_A8_CVE_2017_5715 +# CONFIG_ARM_CORTEX_A15_CVE_2017_5715 config ARM_ERRATA_430973 bool @@ -160,6 +161,9 @@ config ARM_ERRATA_855873 config ARM_CORTEX_A8_CVE_2017_5715 bool +config ARM_CORTEX_A15_CVE_2017_5715 + bool + config CPU_ARM720T bool select SYS_CACHE_SHIFT_5 diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S index 64c5d7598dea..4835316bb37e 100644 --- a/arch/arm/cpu/armv7/start.S +++ b/arch/arm/cpu/armv7/start.S @@ -238,6 +238,14 @@ skip_errata_798870: skip_errata_801819: #endif +#ifdef CONFIG_ARM_CORTEX_A15_CVE_2017_5715 + mrc p15, 0, r0, c1, c0, 1 @ read auxilary control register + orr r0, r0, #1 << 0 @ Enable invalidates of BTB + push {r1-r5} @ Save the cpu info registers + bl v7_arch_cp15_set_acr + pop {r1-r5} @ Restore the cpu info - fall through +#endif + #ifdef CONFIG_ARM_ERRATA_454179 mrc p15, 0, r0, c1, c0, 1 @ Read ACR
As recommended by Arm in [1], ACR needs to be set[2] to enable invalidation of BTB. This has to be enabled unconditionally for ICIALLU to be functional on Cortex-A15 processors. Provide a config option for platforms to enable this option based on impact analysis for products. NOTE: This patch in itself is NOT the final solution, this requires: a) Implementation of v7_arch_cp15_set_acr on SoCs which may not provide direct access to ACR register. b) Operating Systems such as Linux to provide adequate workaround in the right locations. [1] https://developer.arm.com/support/security-update [2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0438c/BABGHIBG.html Cc: Marc Zyngier <marc.zyngier@arm.com> Cc: Russell King <linux@arm.linux.org.uk> Cc: Tony Lindgren <tony@atomide.com> Cc: Robin Murphy <robin.murphy@arm.com> Cc: Florian Fainelli <f.fainelli@gmail.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Christoffer Dall <christoffer.dall@linaro.org> Cc: Andre Przywara <Andre.Przywara@arm.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Tom Rini <trini@konsulko.com> Cc: Michael Nazzareno Trimarchi <michael@amarulasolutions.com> Signed-off-by: Nishanth Menon <nm@ti.com> --- arch/arm/Kconfig | 4 ++++ arch/arm/cpu/armv7/start.S | 8 ++++++++ 2 files changed, 12 insertions(+)