[U-Boot] [PATCH 1/4] ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for CVE-2017-5715

Nishanth Menon nm at ti.com
Tue Jun 12 20:24:08 UTC 2018 

As recommended by Arm in [1], IBE[2] has to be enabled unconditionally
for BPIALL to be functional on Cortex-A8 processors. Provide a config
option for platforms to enable this option based on impact analysis
for products.

NOTE: This patch in itself is NOT the final solution, this requires:
a) Implementation of v7_arch_cp15_set_acr on SoCs which may not
   provide direct access to ACR register.
b) Operating Systems such as Linux to provide adequate workaround in the right
   locations.
c) This workaround applies to only the boot processor. It is important
   to apply workaround as necessary (context-save-restore) around low
   power context loss OR additional processors as necessary in either
   firmware support OR elsewhere in OS.

[1] https://developer.arm.com/support/security-update
[2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/Bgbffjhh.html

Cc: Marc Zyngier <marc.zyngier at arm.com>
Cc: Russell King <linux at arm.linux.org.uk>
Cc: Tony Lindgren <tony at atomide.com>
Cc: Robin Murphy <robin.murphy at arm.com>
Cc: Florian Fainelli <f.fainelli at gmail.com>
Cc: Catalin Marinas <catalin.marinas at arm.com>
Cc: Will Deacon <will.deacon at arm.com>
Cc: Christoffer Dall <christoffer.dall at linaro.org>
Cc: Andre Przywara <Andre.Przywara at arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel at linaro.org>
Cc: Tom Rini <trini at konsulko.com>
Cc: Michael Nazzareno Trimarchi <michael at amarulasolutions.com>

Signed-off-by: Nishanth Menon <nm at ti.com>
---
 arch/arm/Kconfig           | 5 +++++
 arch/arm/cpu/armv7/start.S | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index dde422bc5d53..9e32d5b43cb0 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -108,6 +108,8 @@ config SYS_ARM_MPU
 # CONFIG_ARM_ERRATA_621766
 # CONFIG_ARM_ERRATA_798870
 # CONFIG_ARM_ERRATA_801819
+# CONFIG_ARM_CORTEX_A8_CVE_2017_5715
+
 config ARM_ERRATA_430973
 	bool
 
@@ -177,6 +179,9 @@ config ARM_ERRATA_852423
 config ARM_ERRATA_855873
 	bool
 
+config ARM_CORTEX_A8_CVE_2017_5715
+	bool
+
 config CPU_ARM720T
 	bool
 	select SYS_CACHE_SHIFT_5
diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S
index c996525f861e..3beaf5a93d81 100644
--- a/arch/arm/cpu/armv7/start.S
+++ b/arch/arm/cpu/armv7/start.S
@@ -252,12 +252,15 @@ skip_errata_801819:
 	pop	{r1-r5}			@ Restore the cpu info - fall through
 #endif
 
-#ifdef CONFIG_ARM_ERRATA_430973
+#if defined(CONFIG_ARM_ERRATA_430973) || defined (CONFIG_ARM_CORTEX_A8_CVE_2017_5715)
 	mrc	p15, 0, r0, c1, c0, 1	@ Read ACR
 
+#ifdef CONFIG_ARM_CORTEX_A8_CVE_2017_5715
+	orr	r0, r0, #(0x1 << 6)	@ Set IBE bit always to enable OS WA
+#else
 	cmp	r2, #0x21		@ Only on < r2p1
 	orrlt	r0, r0, #(0x1 << 6)	@ Set IBE bit
-
+#endif
 	push	{r1-r5}			@ Save the cpu info registers
 	bl	v7_arch_cp15_set_acr
 	pop	{r1-r5}			@ Restore the cpu info - fall through
-- 
2.15.1

More information about the U-Boot mailing list