From e74d658181e5e69b6b5e16b40adc1ffef4c1efb9 Mon Sep 17 00:00:00 2001
From: Bipin Ravi
Date: Thu, 13 Oct 2022 17:25:51 -0500
Subject: [PATCH] fix(security): optimisations for CVE-2022-23960
Optimised the loop workaround for Spectre_BHB mitigation:
1. use of speculation barrier for cores implementing SB instruction.
2. use str/ldr instead of stp/ldp as the loop uses only X2 register.
Signed-off-by: Bipin Ravi
Change-Id: I8ac53ea1e42407ad8004c1d59c05f791011f195d
---
 include/arch/aarch64/asm_macros.S | 13 +++++++++++++
 lib/cpus/aarch64/wa_cve_2022_23960_bhb.S | 9 ++++-----
 2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/include/arch/aarch64/asm_macros.S b/include/arch/aarch64/asm_macros.S
index 7706cd831..66c39e5f1 100644
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@@ -214,6 +214,19 @@
 ret
 .endm
 
+ /*
+ * Macro for using speculation barrier instruction introduced by
+ * FEAT_SB, if it's enabled.
+ */
+ .macro speculation_barrier
+#if ENABLE_FEAT_SB
+ sb
+#else
+ dsb sy
+ isb
+#endif
+ .endm
+
 /*
 * Macro for mitigating against speculative execution beyond ERET. Uses the
 * speculation barrier instruction introduced by FEAT_SB, if it's enabled.
diff --git a/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S b/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
index e0e41cc47..ceb93f139 100644
--- a/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
+++ b/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
@@ -9,11 +9,11 @@
 #if WORKAROUND_CVE_2022_23960
 /*
 * This macro applies the mitigation for CVE-2022-23960.
- * The macro saves x2-x3 to the CPU context.
+ * The macro saves x2 to the CPU context.
 * SP should point to the CPU context.
 */
 .macro apply_cve_2022_23960_bhb_wa _bhb_loop_count
- stp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+ str x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
 
 /* CVE-BHB-NUM loop count */
 mov x2, \_bhb_loop_count
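Review bot: The comment on `speculation_barrier` does not say what the macro emits when FEAT_SB is not enabled, nor that the choice is made by the preprocessor rather than per core. I would extend it to something like `Emits SB when ENABLE_FEAT_SB is set at build time, otherwise DSB SY followed by ISB.` Because `#if ENABLE_FEAT_SB` is resolved when the file is assembled, an image built with the flag set executes `sb` on every core it runs on. The build documentation is not visible here, so it is worth confirming the flag is only set for platforms where all cores implement FEAT_SB.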
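Review bot: The updated header comment for `apply_cve_2022_23960_bhb_wa` says the macro saves x2, but it does not give the rest of the register contract. It omits that x2 is reloaded from the same context slot at the end and that the `subs` in the loop changes the condition flags; both are visible only in the later hunk of this file. A line such as `x2 is restored before the macro ends; NZCV is clobbered.` would cover it. The macro body continues outside this hunk.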
@@ -24,8 +24,7 @@
 2:
 subs x2, x2, #1
 bne 1b
- dsb sy
- isb
- ldp x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+ speculation_barrier
+ ldr x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
 .endm
 #endif /* WORKAROUND_CVE_2022_23960 */
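Review bot: With `speculation_barrier` in place of `dsb sy` / `isb`, builds that enable FEAT_SB end this macro with `sb` alone, which constrains speculation but is not a data or context synchronisation barrier. The callers are outside the hunk, so it is worth confirming that no vector entry path relied on the old trailing `dsb sy` / `isb` for ordering. A short comment above the barrier, e.g. `/* speculation barrier only; callers needing DSB/ISB ordering must issue their own */`, would record that. The macro starts above this hunk.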