[U-Boot] [RFC PATCH 1/2] ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for CVE-2017-5715

Nishanth Menon nm at ti.com
Thu Jan 25 21:45:58 UTC 2018 

As recommended by Arm in [1], IBE[2] has to be enabled unconditionally
for BPIALL to be functional on Cortex-A8 processors. Provide a config
option for platforms to enable this option based on impact analysis
for products.

NOTE: This patch in itself is NOT the final solution, this requires:
a) Implementation of v7_arch_cp15_set_acr on SoCs which may not
   provide direct access to ACR register.
b) Operating Systems such as Linux to provide adequate workaround in the right
   locations.

[1] https://developer.arm.com/support/security-update
[2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/Bgbffjhh.html

Cc: Marc Zyngier <marc.zyngier at arm.com>
Cc: Russell King <linux at arm.linux.org.uk>
Cc: Tony Lindgren <tony at atomide.com>
Cc: Robin Murphy <robin.murphy at arm.com>
Cc: Florian Fainelli <f.fainelli at gmail.com>
Cc: Catalin Marinas <catalin.marinas at arm.com>
Cc: Will Deacon <will.deacon at arm.com>
Cc: Christoffer Dall <christoffer.dall at linaro.org>
Cc: Andre Przywara <Andre.Przywara at arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel at linaro.org>
Cc: Tom Rini <trini at konsulko.com>
Cc: Michael Nazzareno Trimarchi <michael at amarulasolutions.com>

Signed-off-by: Nishanth Menon <nm at ti.com>
---
 arch/arm/Kconfig           | 5 +++++
 arch/arm/cpu/armv7/start.S | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index f6d57f5505ff..c2ac0fef9d0c 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -86,6 +86,8 @@ config THUMB2_KERNEL
 # CONFIG_ARM_ERRATA_621766
 # CONFIG_ARM_ERRATA_798870
 # CONFIG_ARM_ERRATA_801819
+# CONFIG_ARM_CORTEX_A8_CVE_2017_5715
+
 config ARM_ERRATA_430973
 	bool
 
@@ -155,6 +157,9 @@ config ARM_ERRATA_852423
 config ARM_ERRATA_855873
 	bool
 
+config ARM_CORTEX_A8_CVE_2017_5715
+	bool
+
 config CPU_ARM720T
 	bool
 	select SYS_CACHE_SHIFT_5
diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S
index 7e2695761e98..64c5d7598dea 100644
--- a/arch/arm/cpu/armv7/start.S
+++ b/arch/arm/cpu/armv7/start.S
@@ -249,12 +249,15 @@ skip_errata_801819:
 	pop	{r1-r5}			@ Restore the cpu info - fall through
 #endif
 
-#ifdef CONFIG_ARM_ERRATA_430973
+#if defined(CONFIG_ARM_ERRATA_430973) || defined (CONFIG_ARM_CORTEX_A8_CVE_2017_5715)
 	mrc	p15, 0, r0, c1, c0, 1	@ Read ACR
 
+#ifdef CONFIG_ARM_CORTEX_A8_CVE_2017_5715
+	orr	r0, r0, #(0x1 << 6)	@ Set IBE bit always to enable OS WA
+#else
 	cmp	r2, #0x21		@ Only on < r2p1
 	orrlt	r0, r0, #(0x1 << 6)	@ Set IBE bit
-
+#endif
 	push	{r1-r5}			@ Save the cpu info registers
 	bl	v7_arch_cp15_set_acr
 	pop	{r1-r5}			@ Restore the cpu info - fall through
-- 
2.15.1

More information about the U-Boot mailing list