From patchwork Tue Jun 12 20:24:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nishanth Menon X-Patchwork-Id: 928485 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="ckw6LlT1"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4151cm6Vyyz9s0w for ; Wed, 13 Jun 2018 06:26:32 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 96E8FC21DCA; Tue, 12 Jun 2018 20:25:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 8F0C1C21D65; Tue, 12 Jun 2018 20:24:41 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 0C316C21C6A; Tue, 12 Jun 2018 20:24:37 +0000 (UTC) Received: from fllnx210.ext.ti.com (fllnx210.ext.ti.com [198.47.19.17]) by lists.denx.de (Postfix) with ESMTPS id 6EE39C21C27 for ; Tue, 12 Jun 2018 20:24:35 +0000 (UTC) Received: from dlelxv90.itg.ti.com ([172.17.2.17]) by fllnx210.ext.ti.com (8.15.1/8.15.1) with ESMTP id w5CKODGc002681; Tue, 12 Jun 2018 15:24:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1528835053; bh=uuJMPpftT0qN2v3iDWzOw80+IY4nlQgBbXrNGnlcEAY=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=ckw6LlT1m+SLXkbRTDeZT/z5PvZ9HquO1qDOo3HWEw8LZAjTU2lwMCZPHrVycbWXM KGf/M80ueduQaf+/B2DObtSN8xwtzEoxOwXewp7hxbgrOwoOTCP3TAzvVkNcpVr0/R HiRYI2eA1Yzm2OIJy3NnshPIAT4Y9sqdAEg2cDJw= Received: from DLEE104.ent.ti.com (dlee104.ent.ti.com [157.170.170.34]) by dlelxv90.itg.ti.com (8.14.3/8.13.8) with ESMTP id w5CKODEG011472; Tue, 12 Jun 2018 15:24:13 -0500 Received: from DLEE103.ent.ti.com (157.170.170.33) by DLEE104.ent.ti.com (157.170.170.34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 12 Jun 2018 15:24:12 -0500 Received: from dlep32.itg.ti.com (157.170.170.100) by DLEE103.ent.ti.com (157.170.170.33) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1466.3 via Frontend Transport; Tue, 12 Jun 2018 15:24:12 -0500 Received: from localhost (ileax41-snat.itg.ti.com [10.172.224.153]) by dlep32.itg.ti.com (8.14.3/8.13.8) with ESMTP id w5CKOCLf030864; Tue, 12 Jun 2018 15:24:12 -0500 From: Nishanth Menon To: Tom Rini , Russell King , Marc Zyngier , Catalin Marinas , Will Deacon , Tony Lindgren Date: Tue, 12 Jun 2018 15:24:08 -0500 Message-ID: <20180612202411.29798-2-nm@ti.com> X-Mailer: git-send-email 2.15.1 In-Reply-To: <20180612202411.29798-1-nm@ti.com> References: <20180612202411.29798-1-nm@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: Ard Biesheuvel , Andre Przywara , U-Boot-Denx , Christoffer Dall , Robin Murphy , linux-arm-kernel@lists.infradead.org Subject: [U-Boot] [PATCH 1/4] ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for CVE-2017-5715 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" As recommended by Arm in [1], IBE[2] has to be enabled unconditionally for BPIALL to be functional on Cortex-A8 processors. Provide a config option for platforms to enable this option based on impact analysis for products. NOTE: This patch in itself is NOT the final solution, this requires: a) Implementation of v7_arch_cp15_set_acr on SoCs which may not provide direct access to ACR register. b) Operating Systems such as Linux to provide adequate workaround in the right locations. c) This workaround applies to only the boot processor. It is important to apply workaround as necessary (context-save-restore) around low power context loss OR additional processors as necessary in either firmware support OR elsewhere in OS. [1] https://developer.arm.com/support/security-update [2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/Bgbffjhh.html Cc: Marc Zyngier Cc: Russell King Cc: Tony Lindgren Cc: Robin Murphy Cc: Florian Fainelli Cc: Catalin Marinas Cc: Will Deacon Cc: Christoffer Dall Cc: Andre Przywara Cc: Ard Biesheuvel Cc: Tom Rini Cc: Michael Nazzareno Trimarchi Signed-off-by: Nishanth Menon Tested-by: Fabio Estevam --- arch/arm/Kconfig | 5 +++++ arch/arm/cpu/armv7/start.S | 7 +++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index dde422bc5d53..9e32d5b43cb0 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -108,6 +108,8 @@ config SYS_ARM_MPU # CONFIG_ARM_ERRATA_621766 # CONFIG_ARM_ERRATA_798870 # CONFIG_ARM_ERRATA_801819 +# CONFIG_ARM_CORTEX_A8_CVE_2017_5715 + config ARM_ERRATA_430973 bool @@ -177,6 +179,9 @@ config ARM_ERRATA_852423 config ARM_ERRATA_855873 bool +config ARM_CORTEX_A8_CVE_2017_5715 + bool + config CPU_ARM720T bool select SYS_CACHE_SHIFT_5 diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S index c996525f861e..3beaf5a93d81 100644 --- a/arch/arm/cpu/armv7/start.S +++ b/arch/arm/cpu/armv7/start.S @@ -252,12 +252,15 @@ skip_errata_801819: pop {r1-r5} @ Restore the cpu info - fall through #endif -#ifdef CONFIG_ARM_ERRATA_430973 +#if defined(CONFIG_ARM_ERRATA_430973) || defined (CONFIG_ARM_CORTEX_A8_CVE_2017_5715) mrc p15, 0, r0, c1, c0, 1 @ Read ACR +#ifdef CONFIG_ARM_CORTEX_A8_CVE_2017_5715 + orr r0, r0, #(0x1 << 6) @ Set IBE bit always to enable OS WA +#else cmp r2, #0x21 @ Only on < r2p1 orrlt r0, r0, #(0x1 << 6) @ Set IBE bit - +#endif push {r1-r5} @ Save the cpu info registers bl v7_arch_cp15_set_acr pop {r1-r5} @ Restore the cpu info - fall through From patchwork Tue Jun 12 20:24:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nishanth Menon X-Patchwork-Id: 928486 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="BWQ8LTOl"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4151dK2J98z9s0w for ; Wed, 13 Jun 2018 06:27:01 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 12DECC21DB5; Tue, 12 Jun 2018 20:25:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id CA0FFC21DA6; Tue, 12 Jun 2018 20:24:40 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id CA912C21BE5; Tue, 12 Jun 2018 20:24:37 +0000 (UTC) Received: from fllnx209.ext.ti.com (fllnx209.ext.ti.com [198.47.19.16]) by lists.denx.de (Postfix) with ESMTPS id 5528CC21C93 for ; Tue, 12 Jun 2018 20:24:36 +0000 (UTC) Received: from dlelxv90.itg.ti.com ([172.17.2.17]) by fllnx209.ext.ti.com (8.15.1/8.15.1) with ESMTP id w5CKODtR026495; Tue, 12 Jun 2018 15:24:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1528835053; bh=Hk7m5+Z627gixASbCc3MsAavxfRTsbXt4VKV2ncGlDY=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=BWQ8LTOlc5Aazx5pdgZ+RHHYbW1g5sFFk0hri/P5Oigwu63FY2qhVjRajM1O6A6Fo vXoLJsEi6JdukEpIllQzQdQrRQFr0drFtBewsxXF720s0lg39FfAAHl/70WnNYfc76 xMkYtaNMcmKqHO7J9MeFrxTqMCAerenC3f8c7f3M= Received: from DLEE100.ent.ti.com (dlee100.ent.ti.com [157.170.170.30]) by dlelxv90.itg.ti.com (8.14.3/8.13.8) with ESMTP id w5CKODZQ011477; Tue, 12 Jun 2018 15:24:13 -0500 Received: from DLEE101.ent.ti.com (157.170.170.31) by DLEE100.ent.ti.com (157.170.170.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 12 Jun 2018 15:24:13 -0500 Received: from dflp33.itg.ti.com (10.64.6.16) by DLEE101.ent.ti.com (157.170.170.31) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1466.3 via Frontend Transport; Tue, 12 Jun 2018 15:24:13 -0500 Received: from localhost (ileax41-snat.itg.ti.com [10.172.224.153]) by dflp33.itg.ti.com (8.14.3/8.13.8) with ESMTP id w5CKODOL003454; Tue, 12 Jun 2018 15:24:13 -0500 From: Nishanth Menon To: Tom Rini , Russell King , Marc Zyngier , Catalin Marinas , Will Deacon , Tony Lindgren Date: Tue, 12 Jun 2018 15:24:09 -0500 Message-ID: <20180612202411.29798-3-nm@ti.com> X-Mailer: git-send-email 2.15.1 In-Reply-To: <20180612202411.29798-1-nm@ti.com> References: <20180612202411.29798-1-nm@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: Ard Biesheuvel , Andre Przywara , U-Boot-Denx , Christoffer Dall , Robin Murphy , linux-arm-kernel@lists.infradead.org Subject: [U-Boot] [PATCH 2/4] ARM: Introduce ability to enable invalidate of BTB with ICIALLU on Cortex-A15 for CVE-2017-5715 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" As recommended by Arm in [1], ACTLR[0] (Enable invalidates of BTB) needs to be set[2] for BTB to be invalidated on ICIALLU. This needs to be done unconditionally for Cortex-A15 processors. Provide a config option for platforms to enable this option based on impact analysis for products. NOTE: This patch in itself is NOT the final solution, this requires: a) Implementation of v7_arch_cp15_set_acr on SoCs which may not provide direct access to ACR register. b) Operating Systems such as Linux to provide adequate workaround in the right locations. c) This workaround applies to only the boot processor. It is important to apply workaround as necessary (context-save-restore) around low power context loss OR additional processors as necessary in either firmware support OR elsewhere in OS. [1] https://developer.arm.com/support/security-update [2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0438c/BABGHIBG.html Cc: Marc Zyngier Cc: Russell King Cc: Tony Lindgren Cc: Robin Murphy Cc: Florian Fainelli Cc: Catalin Marinas Cc: Will Deacon Cc: Christoffer Dall Cc: Andre Przywara Cc: Ard Biesheuvel Cc: Tom Rini Cc: Michael Nazzareno Trimarchi Signed-off-by: Nishanth Menon Tested-by: Fabio Estevam --- arch/arm/Kconfig | 4 ++++ arch/arm/cpu/armv7/start.S | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 9e32d5b43cb0..98f58fd27696 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -109,6 +109,7 @@ config SYS_ARM_MPU # CONFIG_ARM_ERRATA_798870 # CONFIG_ARM_ERRATA_801819 # CONFIG_ARM_CORTEX_A8_CVE_2017_5715 +# CONFIG_ARM_CORTEX_A15_CVE_2017_5715 config ARM_ERRATA_430973 bool @@ -182,6 +183,9 @@ config ARM_ERRATA_855873 config ARM_CORTEX_A8_CVE_2017_5715 bool +config ARM_CORTEX_A15_CVE_2017_5715 + bool + config CPU_ARM720T bool select SYS_CACHE_SHIFT_5 diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S index 3beaf5a93d81..81edec01bf32 100644 --- a/arch/arm/cpu/armv7/start.S +++ b/arch/arm/cpu/armv7/start.S @@ -241,6 +241,14 @@ skip_errata_798870: skip_errata_801819: #endif +#ifdef CONFIG_ARM_CORTEX_A15_CVE_2017_5715 + mrc p15, 0, r0, c1, c0, 1 @ read auxilary control register + orr r0, r0, #1 << 0 @ Enable invalidates of BTB + push {r1-r5} @ Save the cpu info registers + bl v7_arch_cp15_set_acr + pop {r1-r5} @ Restore the cpu info - fall through +#endif + #ifdef CONFIG_ARM_ERRATA_454179 mrc p15, 0, r0, c1, c0, 1 @ Read ACR From patchwork Tue Jun 12 20:24:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nishanth Menon X-Patchwork-Id: 928483 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="s+Vj+Udo"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4151bT1yThz9s0w for ; Wed, 13 Jun 2018 06:25:25 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id EAAE3C21CB1; Tue, 12 Jun 2018 20:24:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id D5F07C21D83; Tue, 12 Jun 2018 20:24:39 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id F10ABC21BE5; Tue, 12 Jun 2018 20:24:36 +0000 (UTC) Received: from fllnx209.ext.ti.com (fllnx209.ext.ti.com [198.47.19.16]) by lists.denx.de (Postfix) with ESMTPS id D7416C21BE5 for ; Tue, 12 Jun 2018 20:24:34 +0000 (UTC) Received: from dflxv15.itg.ti.com ([128.247.5.124]) by fllnx209.ext.ti.com (8.15.1/8.15.1) with ESMTP id w5CKOD3e026499; Tue, 12 Jun 2018 15:24:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1528835053; bh=dPREojNimxFYzgI3MQVg/7rR0UCE1nimJv6wY+3A9pA=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=s+Vj+Udo/VBTZvuX+gBJtuzoAsg46PmXfsOBsoYANCda251cs/+EOU8W+5YIpfGHI yiamPDXzxQKfuG2CA7jkcV7eWSbilqaluROSX/HehDek0yGe56gEdGGeybcCC/tqxd I6N68Xis9zAI0NyGL1RTC1yaEFlcy/Yvj8S10q1U= Received: from DLEE104.ent.ti.com (dlee104.ent.ti.com [157.170.170.34]) by dflxv15.itg.ti.com (8.14.3/8.13.8) with ESMTP id w5CKOD8F008045; Tue, 12 Jun 2018 15:24:13 -0500 Received: from DLEE106.ent.ti.com (157.170.170.36) by DLEE104.ent.ti.com (157.170.170.34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 12 Jun 2018 15:24:13 -0500 Received: from dflp32.itg.ti.com (10.64.6.15) by DLEE106.ent.ti.com (157.170.170.36) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1466.3 via Frontend Transport; Tue, 12 Jun 2018 15:24:13 -0500 Received: from localhost (ileax41-snat.itg.ti.com [10.172.224.153]) by dflp32.itg.ti.com (8.14.3/8.13.8) with ESMTP id w5CKODq9025717; Tue, 12 Jun 2018 15:24:13 -0500 From: Nishanth Menon To: Tom Rini , Russell King , Marc Zyngier , Catalin Marinas , Will Deacon , Tony Lindgren Date: Tue, 12 Jun 2018 15:24:10 -0500 Message-ID: <20180612202411.29798-4-nm@ti.com> X-Mailer: git-send-email 2.15.1 In-Reply-To: <20180612202411.29798-1-nm@ti.com> References: <20180612202411.29798-1-nm@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: Ard Biesheuvel , Andre Przywara , U-Boot-Denx , Robin Murphy , linux-arm-kernel@lists.infradead.org Subject: [U-Boot] [PATCH 3/4] ARM: mach-omap2: omap5/dra7: Enable ACTLR[0] (Enable invalidates of BTB) to facilitate CVE_2017-5715 WA in OS X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Enable CVE_2017_5715 and since we have our own v7_arch_cp15_set_acr function to setup the bits, we are able to override the settings. Without this enabled, Linux kernel reports: CPU0: Spectre v2: firmware did not set auxiliary control register IBE bit, system vulnerable With this enabled, Linux kernel reports: CPU0: Spectre v2: using ICIALLU workaround NOTE: This by itself does not enable the workaround for CPU1 (on OMAP5 and DRA72/AM572 SoCs) and may require additional kernel patches. Signed-off-by: Nishanth Menon --- arch/arm/mach-omap2/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm/mach-omap2/Kconfig b/arch/arm/mach-omap2/Kconfig index 3bb1ecb58de0..77820cc8d1e4 100644 --- a/arch/arm/mach-omap2/Kconfig +++ b/arch/arm/mach-omap2/Kconfig @@ -53,6 +53,7 @@ config OMAP54XX bool "OMAP54XX SoC" select ARM_ERRATA_798870 select SYS_THUMB_BUILD + select ARM_CORTEX_A15_CVE_2017_5715 imply NAND_OMAP_ELM imply NAND_OMAP_GPMC imply SPL_DISPLAY_PRINT From patchwork Tue Jun 12 20:24:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nishanth Menon X-Patchwork-Id: 928482 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=ti.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=ti.com header.i=@ti.com header.b="jokf9Jg9"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 4151Zh015xz9s1B for ; Wed, 13 Jun 2018 06:24:43 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id A1969C21E0D; Tue, 12 Jun 2018 20:24:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 15631C21C27; Tue, 12 Jun 2018 20:24:39 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id E0EF5C21CB1; Tue, 12 Jun 2018 20:24:36 +0000 (UTC) Received: from fllnx209.ext.ti.com (fllnx209.ext.ti.com [198.47.19.16]) by lists.denx.de (Postfix) with ESMTPS id D742BC21C6A for ; Tue, 12 Jun 2018 20:24:34 +0000 (UTC) Received: from dflxv15.itg.ti.com ([128.247.5.124]) by fllnx209.ext.ti.com (8.15.1/8.15.1) with ESMTP id w5CKODWA026501; Tue, 12 Jun 2018 15:24:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1528835053; bh=orUcB230++Y4ahyQQm1w3EahuBTT14Dr4Q9yeZcz5Fo=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=jokf9Jg98H/qOJmmtM1Cz93kmE04mnzznXerkm6GoSEivyTYkUQ33iTwTlkct3aZM TRa4XzsSrvUPjgI+oMbD5IeZEvSGqd/eGRM+5rL3e4zr2PMHfLySVHNhAVQIzR+AXD uagms+YRm+Vd3rfC8LYSs7zGNR4PYR1nAB9hrEdc= Received: from DLEE105.ent.ti.com (dlee105.ent.ti.com [157.170.170.35]) by dflxv15.itg.ti.com (8.14.3/8.13.8) with ESMTP id w5CKODJn008047; Tue, 12 Jun 2018 15:24:13 -0500 Received: from DLEE115.ent.ti.com (157.170.170.26) by DLEE105.ent.ti.com (157.170.170.35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 12 Jun 2018 15:24:13 -0500 Received: from dlep33.itg.ti.com (157.170.170.75) by DLEE115.ent.ti.com (157.170.170.26) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1466.3 via Frontend Transport; Tue, 12 Jun 2018 15:24:13 -0500 Received: from localhost (ileax41-snat.itg.ti.com [10.172.224.153]) by dlep33.itg.ti.com (8.14.3/8.13.8) with ESMTP id w5CKODsS004393; Tue, 12 Jun 2018 15:24:13 -0500 From: Nishanth Menon To: Tom Rini , Russell King , Marc Zyngier , Catalin Marinas , Will Deacon , Tony Lindgren Date: Tue, 12 Jun 2018 15:24:11 -0500 Message-ID: <20180612202411.29798-5-nm@ti.com> X-Mailer: git-send-email 2.15.1 In-Reply-To: <20180612202411.29798-1-nm@ti.com> References: <20180612202411.29798-1-nm@ti.com> MIME-Version: 1.0 X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Cc: Ard Biesheuvel , Andre Przywara , U-Boot-Denx , Robin Murphy , linux-arm-kernel@lists.infradead.org Subject: [U-Boot] [PATCH 4/4] ARM: mach-omap2: omap3/am335x: Enable ACR::IBE on Cortex-A8 SoCs for CVE-2017-5715 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Enable CVE-2017-5715 option to set the IBE bit. This enables kernel workarounds necessary for the said CVE. With this enabled, Linux reports: CPU0: Spectre v2: using BPIALL workaround This workaround may need to be re-applied in OS environment around low power transition resume states where context of ACR would be lost (off-mode etc). Signed-off-by: Nishanth Menon --- arch/arm/mach-omap2/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/mach-omap2/Kconfig b/arch/arm/mach-omap2/Kconfig index 77820cc8d1e4..f4babc8d2600 100644 --- a/arch/arm/mach-omap2/Kconfig +++ b/arch/arm/mach-omap2/Kconfig @@ -10,6 +10,7 @@ config OMAP34XX select ARM_ERRATA_454179 select ARM_ERRATA_621766 select ARM_ERRATA_725233 + select ARM_CORTEX_A8_CVE_2017_5715 select USE_TINY_PRINTF imply NAND_OMAP_GPMC imply SPL_EXT_SUPPORT @@ -116,6 +117,7 @@ config AM43XX config AM33XX bool "AM33XX SoC" select SPECIFY_CONSOLE_INDEX + select ARM_CORTEX_A8_CVE_2017_5715 imply NAND_OMAP_ELM imply NAND_OMAP_GPMC imply SPL_NAND_AM33XX_BCH