Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workarounds for CVE-2017-5715 on A9/A15 and A17 + serial console reporting #1228

Merged
merged 4 commits into from Jan 25, 2018
Merged

Workarounds for CVE-2017-5715 on A9/A15 and A17 + serial console reporting #1228

merged 4 commits into from Jan 25, 2018

Conversation

ghost
Copy link

@ghost ghost commented Jan 18, 2018
edited by ghost
Loading

This PR includes the workarounds for A9, A15 and A17. The workarounds target sp_min but can easily be adapted to work on other implementations.

Two patches are included to enable workaround reporting on the affected AArch64 and AArch32 CPUs.

Dimitris Papastamos added 4 commits January 18, 2018 10:36
Change the default errata format string
c0ca14d 
As we are using the errata framework to handle workarounds in a more
general sense, change the default string to reflect that.

Change-Id: I2e266af2392c9d95e18fe4e965f9a1d46fd0e95e
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Print erratum application report for CVE-2017-5715
eec9e7d 
Even though the workaround for CVE-2017-5715 is not a CPU erratum, the
code is piggybacking on the errata framework to print whether the
workaround was applied, missing or not needed.

Change-Id: I821197a4b8560c73fd894cd7cd9ecf9503c72fa3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
sp_min: Implement workaround for CVE-2017-5715
7343505 
This patch introduces two workarounds for ARMv7 systems.  The
workarounds need to be applied prior to any `branch` instruction in
secure world.  This is achieved using a custom vector table where each
entry is an `add sp, sp, #1` instruction.

On entry to monitor mode, once the sequence of `ADD` instructions is
executed, the branch target buffer (BTB) is invalidated.  The bottom
bits of `SP` are then used to decode the exception entry type.

A side effect of this change is that the exception vectors are
installed before the CPU specific reset function.  This is now
consistent with how it is done on AArch64.

Note, on AArch32 systems, the exception vectors are typically tightly
integrated with the secure payload (e.g. the Trusted OS).  This
workaround will need porting to each secure payload that requires it.

The patch to modify the AArch32 per-cpu vbar to the corresponding
workaround vector table according to the CPU type will be done in a
later patch.

Change-Id: I5786872497d359e496ebe0757e8017fa98f753fa
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Workaround for CVE-2017-5715 for Cortex A9, A15 and A17
e4b34ef 
A per-cpu vbar is installed that implements the workaround by
invalidating the branch target buffer (BTB) directly in the case of A9
and A17 and indirectly by invalidating the icache in the case of A15.

For Cortex A57 and A72 there is currently no workaround implemented
when EL3 is in AArch32 mode so report it as missing.

For other vulnerable CPUs (e.g. Cortex A73 and Cortex A75), there are
no changes since there is currently no upstream AArch32 EL3 support
for these CPUs.

Change-Id: Ib42c6ef0b3c9ff2878a9e53839de497ff736258f
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
@ghost ghost changed the title Workaround for CVE-2017-5715 in AArch32 mode + serial console reporting Workaround for CVE-2017-5715 for A9/A15 and A17 + serial console reporting Jan 18, 2018
@ghost ghost changed the title Workaround for CVE-2017-5715 for A9/A15 and A17 + serial console reporting Workarounds for CVE-2017-5715 for A9/A15 and A17 + serial console reporting Jan 18, 2018
@ghost ghost changed the title Workarounds for CVE-2017-5715 for A9/A15 and A17 + serial console reporting Workarounds for CVE-2017-5715 on A9/A15 and A17 + serial console reporting Jan 18, 2018
@danh-arm danh-arm mentioned this pull request Jan 18, 2018
Open
@davidcunado-arm
Copy link
Contributor

jenkins: test this please

1 similar comment
@davidcunado-arm
Copy link
Contributor

jenkins: test this please

@davidcunado-arm davidcunado-arm merged commit d95eb47 into ARM-software:integration Jan 25, 2018
@vsiles vsiles mentioned this pull request Jan 30, 2018
Closed
@kostapr kostapr mentioned this pull request Mar 5, 2018
Closed
sivadur pushed a commit to Xilinx/arm-trusted-firmware that referenced this pull request Apr 10, 2018
@davidcunado-arm @sivadur
Merge pull request ARM-software#1228 from dp-arm/dp/cve_2017_5715
8e62643 
Workarounds for CVE-2017-5715 on A9/A15 and A17 + serial console reporting
(cherry picked from commit d95eb47)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@davidcunado-arm