aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNishanth Menon2018-11-07 10:47:10 -0600
committerLokesh Vutla2018-11-08 23:43:08 -0600
commit041eb010bfb3ea76b38d22f206f561d7c010ae90 (patch)
treee7e7ca0c05c130afb47e8acebf79f4c7ed13459b
parentbf544d9ab3f667f438300eb15712df99b11a2dd1 (diff)
downloadu-boot-041eb010bfb3ea76b38d22f206f561d7c010ae90.tar.gz
u-boot-041eb010bfb3ea76b38d22f206f561d7c010ae90.tar.xz
u-boot-041eb010bfb3ea76b38d22f206f561d7c010ae90.zip
ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for CVE-2017-5715
commit 7b37a9c732bfec392b8f081eefa83427f794f937 upstream As recommended by Arm in [1], IBE[2] has to be enabled unconditionally for BPIALL to be functional on Cortex-A8 processors. Provide a config option for platforms to enable this option based on impact analysis for products. NOTE: This patch in itself is NOT the final solution, this requires: a) Implementation of v7_arch_cp15_set_acr on SoCs which may not provide direct access to ACR register. b) Operating Systems such as Linux to provide adequate workaround in the right locations. c) This workaround applies to only the boot processor. It is important to apply workaround as necessary (context-save-restore) around low power context loss OR additional processors as necessary in either firmware support OR elsewhere in OS. [1] https://developer.arm.com/support/security-update [2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/Bgbffjhh.html Cc: Marc Zyngier <marc.zyngier@arm.com> Cc: Russell King <linux@arm.linux.org.uk> Cc: Tony Lindgren <tony@atomide.com> Cc: Robin Murphy <robin.murphy@arm.com> Cc: Florian Fainelli <f.fainelli@gmail.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Christoffer Dall <christoffer.dall@linaro.org> Cc: Andre Przywara <Andre.Przywara@arm.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Tom Rini <trini@konsulko.com> Cc: Michael Nazzareno Trimarchi <michael@amarulasolutions.com> Signed-off-by: Nishanth Menon <nm@ti.com> Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
-rw-r--r--arch/arm/Kconfig5
-rw-r--r--arch/arm/cpu/armv7/start.S7
2 files changed, 10 insertions, 2 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 601fe9580d..68c456803b 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -78,6 +78,8 @@ config SYS_ARM_MPU
78# CONFIG_ARM_ERRATA_621766 78# CONFIG_ARM_ERRATA_621766
79# CONFIG_ARM_ERRATA_798870 79# CONFIG_ARM_ERRATA_798870
80# CONFIG_ARM_ERRATA_801819 80# CONFIG_ARM_ERRATA_801819
81# CONFIG_ARM_CORTEX_A8_CVE_2017_5715
82
81config ARM_ERRATA_430973 83config ARM_ERRATA_430973
82 bool 84 bool
83 85
@@ -147,6 +149,9 @@ config ARM_ERRATA_852423
147config ARM_ERRATA_855873 149config ARM_ERRATA_855873
148 bool 150 bool
149 151
152config ARM_CORTEX_A8_CVE_2017_5715
153 bool
154
150config CPU_ARM720T 155config CPU_ARM720T
151 bool 156 bool
152 select SYS_CACHE_SHIFT_5 157 select SYS_CACHE_SHIFT_5
diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S
index 29b51f2a0f..f0ad6d8e21 100644
--- a/arch/arm/cpu/armv7/start.S
+++ b/arch/arm/cpu/armv7/start.S
@@ -253,12 +253,15 @@ skip_errata_801819:
253 pop {r1-r5} @ Restore the cpu info - fall through 253 pop {r1-r5} @ Restore the cpu info - fall through
254#endif 254#endif
255 255
256#ifdef CONFIG_ARM_ERRATA_430973 256#if defined(CONFIG_ARM_ERRATA_430973) || defined (CONFIG_ARM_CORTEX_A8_CVE_2017_5715)
257 mrc p15, 0, r0, c1, c0, 1 @ Read ACR 257 mrc p15, 0, r0, c1, c0, 1 @ Read ACR
258 258
259#ifdef CONFIG_ARM_CORTEX_A8_CVE_2017_5715
260 orr r0, r0, #(0x1 << 6) @ Set IBE bit always to enable OS WA
261#else
259 cmp r2, #0x21 @ Only on < r2p1 262 cmp r2, #0x21 @ Only on < r2p1
260 orrlt r0, r0, #(0x1 << 6) @ Set IBE bit 263 orrlt r0, r0, #(0x1 << 6) @ Set IBE bit
261 264#endif
262 push {r1-r5} @ Save the cpu info registers 265 push {r1-r5} @ Save the cpu info registers
263 bl v7_arch_cp15_set_acr 266 bl v7_arch_cp15_set_acr
264 pop {r1-r5} @ Restore the cpu info - fall through 267 pop {r1-r5} @ Restore the cpu info - fall through