[U-Boot] [RFC PATCH 1/2] ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for CVE-2017-5715

Marek Vasut marek.vasut at gmail.com
Mon Jun 11 10:43:35 UTC 2018 

On 01/25/2018 10:45 PM, Nishanth Menon wrote:
> As recommended by Arm in [1], IBE[2] has to be enabled unconditionally
> for BPIALL to be functional on Cortex-A8 processors. Provide a config
> option for platforms to enable this option based on impact analysis
> for products.
> 
> NOTE: This patch in itself is NOT the final solution, this requires:
> a) Implementation of v7_arch_cp15_set_acr on SoCs which may not
>    provide direct access to ACR register.
> b) Operating Systems such as Linux to provide adequate workaround in the right
>    locations.
> 
> [1] https://developer.arm.com/support/security-update
> [2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/Bgbffjhh.html
> 
> Cc: Marc Zyngier <marc.zyngier at arm.com>
> Cc: Russell King <linux at arm.linux.org.uk>
> Cc: Tony Lindgren <tony at atomide.com>
> Cc: Robin Murphy <robin.murphy at arm.com>
> Cc: Florian Fainelli <f.fainelli at gmail.com>
> Cc: Catalin Marinas <catalin.marinas at arm.com>
> Cc: Will Deacon <will.deacon at arm.com>
> Cc: Christoffer Dall <christoffer.dall at linaro.org>
> Cc: Andre Przywara <Andre.Przywara at arm.com>
> Cc: Ard Biesheuvel <ard.biesheuvel at linaro.org>
> Cc: Tom Rini <trini at konsulko.com>
> Cc: Michael Nazzareno Trimarchi <michael at amarulasolutions.com>
> 
> Signed-off-by: Nishanth Menon <nm at ti.com>

Bump ? Linux recently started checking for the IBE bit, so it'd be good
to get this applied.

> ---
>  arch/arm/Kconfig           | 5 +++++
>  arch/arm/cpu/armv7/start.S | 7 +++++--
>  2 files changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index f6d57f5505ff..c2ac0fef9d0c 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -86,6 +86,8 @@ config THUMB2_KERNEL
>  # CONFIG_ARM_ERRATA_621766
>  # CONFIG_ARM_ERRATA_798870
>  # CONFIG_ARM_ERRATA_801819
> +# CONFIG_ARM_CORTEX_A8_CVE_2017_5715
> +
>  config ARM_ERRATA_430973
>  	bool
>  
> @@ -155,6 +157,9 @@ config ARM_ERRATA_852423
>  config ARM_ERRATA_855873
>  	bool
>  
> +config ARM_CORTEX_A8_CVE_2017_5715
> +	bool
> +
>  config CPU_ARM720T
>  	bool
>  	select SYS_CACHE_SHIFT_5
> diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S
> index 7e2695761e98..64c5d7598dea 100644
> --- a/arch/arm/cpu/armv7/start.S
> +++ b/arch/arm/cpu/armv7/start.S
> @@ -249,12 +249,15 @@ skip_errata_801819:
>  	pop	{r1-r5}			@ Restore the cpu info - fall through
>  #endif
>  
> -#ifdef CONFIG_ARM_ERRATA_430973
> +#if defined(CONFIG_ARM_ERRATA_430973) || defined (CONFIG_ARM_CORTEX_A8_CVE_2017_5715)
>  	mrc	p15, 0, r0, c1, c0, 1	@ Read ACR
>  
> +#ifdef CONFIG_ARM_CORTEX_A8_CVE_2017_5715
> +	orr	r0, r0, #(0x1 << 6)	@ Set IBE bit always to enable OS WA
> +#else
>  	cmp	r2, #0x21		@ Only on < r2p1
>  	orrlt	r0, r0, #(0x1 << 6)	@ Set IBE bit
> -
> +#endif
>  	push	{r1-r5}			@ Save the cpu info registers
>  	bl	v7_arch_cp15_set_acr
>  	pop	{r1-r5}			@ Restore the cpu info - fall through
> 


-- 
Best regards,
Marek Vasut

More information about the U-Boot mailing list