Merge "fix(security): optimisations for CVE-2022-23960" into integration

2 years ago · 52a79b0ed7
2 changed files with 17 additions and 5 deletions
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@ -214,6 +214,19 @@
 	ret
 	.endm

+	/*
+	 * Macro for using speculation barrier instruction introduced by
+	 * FEAT_SB, if it's enabled.
+	 */
+	.macro speculation_barrier
+#if ENABLE_FEAT_SB
+	sb
+#else
+	dsb	sy
+	isb
+#endif
+	.endm
+
 	/*
 	 * Macro for mitigating against speculative execution beyond ERET. Uses the
 	 * speculation barrier instruction introduced by FEAT_SB, if it's enabled.
--- a/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
+++ b/lib/cpus/aarch64/wa_cve_2022_23960_bhb.S
@ -9,11 +9,11 @@
 #if WORKAROUND_CVE_2022_23960
 	/*
 	 * This macro applies the mitigation for CVE-2022-23960.
-         * The macro saves x2-x3 to the CPU context.
+         * The macro saves x2 to the CPU context.
         * SP should point to the CPU context.
 	 */
 	.macro	apply_cve_2022_23960_bhb_wa _bhb_loop_count
-	stp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+	str	x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]

 	/* CVE-BHB-NUM loop count */
 	mov	x2, \_bhb_loop_count
@ -24,8 +24,7 @@
 2:
 	subs	x2, x2, #1
 	bne	1b
-	dsb	sy
-	isb
-	ldp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+	speculation_barrier
+	ldr	x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
 	.endm
 #endif /* WORKAROUND_CVE_2022_23960 */