From 59dc3f05d1dcbb3cedc7a0550fe7247b952a6505 Mon Sep 17 00:00:00 2001
From: Dimitris Papastamos <dimitris.papastamos@arm.com>
Date: Thu, 30 Nov 2017 14:53:53 +0000
Subject: Workaround for CVE-2017-5715 on Cortex A57 and A72

Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
and enabling the MMU.  To achieve this without performing any branch
instruction, a per-cpu vbar is installed which executes the workaround
and then branches off to the corresponding vector entry in the main
vector table.  A side effect of this change is that the main vbar is
configured before any reset handling.  This is to allow the per-cpu
reset function to override the vbar setting.

This workaround is enabled by default on the affected CPUs.

Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Change-Id: I10920c4980ebebf9be83d48186c5f98f9eed6534
[Resolve conflicts]
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Reviewed-on: http://vgitil04.il.marvell.com:8080/48848
Reviewed-by: Igal Liberman <igall@marvell.com>
Tested-by: iSoC Platform CI <ykjenk@marvell.com>
---
 bl31/aarch64/runtime_exceptions.S | 20 ++++++++++++++++++++
 bl31/bl31.mk                      |  4 ++++
 2 files changed, 24 insertions(+)

(limited to 'bl31')

diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 45b0213d..994239ed 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -14,6 +14,26 @@
 
 	.globl	runtime_exceptions
 
+	.globl	sync_exception_sp_el0
+	.globl	irq_sp_el0
+	.globl	fiq_sp_el0
+	.globl	serror_sp_el0
+
+	.globl	sync_exception_sp_elx
+	.globl	irq_sp_elx
+	.globl	fiq_sp_elx
+	.globl	serror_sp_elx
+
+	.globl	sync_exception_aarch64
+	.globl	irq_aarch64
+	.globl	fiq_aarch64
+	.globl	serror_aarch64
+
+	.globl	sync_exception_aarch32
+	.globl	irq_aarch32
+	.globl	fiq_aarch32
+	.globl	serror_aarch32
+
 	/* ---------------------------------------------------------------------
 	 * This macro handles Synchronous exceptions.
 	 * Only SMC exceptions are supported.
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 0c9e3939..59cfae18 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -21,6 +21,10 @@ ifeq (${ENABLE_PMF}, 1)
 BL31_SOURCES		+=	lib/pmf/pmf_main.c
 endif
 
+ifeq (${WORKAROUND_CVE_2017_5715},1)
+BL31_SOURCES		+=	lib/cpus/aarch64/workaround_cve_2017_5715_mmu.S
+endif
+
 BL31_LINKERFILE		:=	bl31/bl31.ld.S
 
 # Flag used to indicate if Crash reporting via console should be included
-- 
cgit