diff options
| author | Nishanth Menon <nm@ti.com> | 2018-06-12 15:24:08 -0500 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2018-06-29 11:30:39 -0400 |
| commit | 7b37a9c732bfec392b8f081eefa83427f794f937 (patch) | |
| tree | d8a4028443d814a1fa0181ef30445a271a3d7e3d | |
| parent | fb77a9e3537039664ad42992bef6688869eda7c1 (diff) | |
| download | u-boot-7b37a9c732bfec392b8f081eefa83427f794f937.tar.gz | |
ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for CVE-2017-5715
As recommended by Arm in [1], IBE[2] has to be enabled unconditionally
for BPIALL to be functional on Cortex-A8 processors. Provide a config
option for platforms to enable this option based on impact analysis
for products.
NOTE: This patch in itself is NOT the final solution, this requires:
a) Implementation of v7_arch_cp15_set_acr on SoCs which may not
provide direct access to ACR register.
b) Operating Systems such as Linux to provide adequate workaround in the right
locations.
c) This workaround applies to only the boot processor. It is important
to apply workaround as necessary (context-save-restore) around low
power context loss OR additional processors as necessary in either
firmware support OR elsewhere in OS.
[1] https://developer.arm.com/support/security-update
[2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/Bgbffjhh.html
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Tony Lindgren <tony@atomide.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Christoffer Dall <christoffer.dall@linaro.org>
Cc: Andre Przywara <Andre.Przywara@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Michael Nazzareno Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
| -rw-r--r-- | arch/arm/Kconfig | 5 | ||||
| -rw-r--r-- | arch/arm/cpu/armv7/start.S | 7 |
2 files changed, 10 insertions, 2 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 22234cde2a..ba8b0ccbd2 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -108,6 +108,8 @@ config SYS_ARM_MPU # CONFIG_ARM_ERRATA_621766 # CONFIG_ARM_ERRATA_798870 # CONFIG_ARM_ERRATA_801819 +# CONFIG_ARM_CORTEX_A8_CVE_2017_5715 + config ARM_ERRATA_430973 bool @@ -177,6 +179,9 @@ config ARM_ERRATA_852423 config ARM_ERRATA_855873 bool +config ARM_CORTEX_A8_CVE_2017_5715 + bool + config CPU_ARM720T bool select SYS_CACHE_SHIFT_5 diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S index c996525f86..3beaf5a93d 100644 --- a/arch/arm/cpu/armv7/start.S +++ b/arch/arm/cpu/armv7/start.S @@ -252,12 +252,15 @@ skip_errata_801819: pop {r1-r5} @ Restore the cpu info - fall through #endif -#ifdef CONFIG_ARM_ERRATA_430973 +#if defined(CONFIG_ARM_ERRATA_430973) || defined (CONFIG_ARM_CORTEX_A8_CVE_2017_5715) mrc p15, 0, r0, c1, c0, 1 @ Read ACR +#ifdef CONFIG_ARM_CORTEX_A8_CVE_2017_5715 + orr r0, r0, #(0x1 << 6) @ Set IBE bit always to enable OS WA +#else cmp r2, #0x21 @ Only on < r2p1 orrlt r0, r0, #(0x1 << 6) @ Set IBE bit - +#endif push {r1-r5} @ Save the cpu info registers bl v7_arch_cp15_set_acr pop {r1-r5} @ Restore the cpu info - fall through |