| #
744b070b |
| 18-Dec-2025 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge "fix(cpus): workaround for Neoverse-V2 erratum 3442699" into integration
|
| #
a0723de7 |
| 03-Dec-2025 |
Jaiprakash Singh <jaiprakashs@marvell.com> |
fix(cpus): workaround for Neoverse-V2 erratum 3442699
Neoverse-V2 erratum 3442699 applies to r0p0, r0p1, and r0p2 and it is still open.
PE may execute incorrect instructions when icache is enabled. As a workaround, set CPUACTLR_EL1[36] before enabling icache.
SDEN: https://developer.arm.com/documentation/SDEN-2332927/latest
Change-Id: I38edc6ba445223091c3933cbca35b56db491c926
Signed-off-by: Jaiprakash Singh <jaiprakashs@marvell.com>
Signed-off-by: Chandrakala Chavva <cchavva@cavium.com>
Reviewed-by: Chandrakala Chavva <cchavva@marvell.com>
Tested-by: Chandrakala Chavva <cchavva@marvell.com>
|
| #
272dec40 |
| 16-Dec-2025 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge "fix(cpus): register ARCH_WORKAROUND_3 for Neoverse V2" into integration
|
| #
ecb7a361 |
| 03-Dec-2025 |
Manish Pandey <manish.pandey2@arm.com> |
fix(cpus): register ARCH_WORKAROUND_3 for Neoverse V2
Neoverse V2 never registered ARCH_WORKAROUND_3 in the errata framework, causing SMCCC_ARCH_WORKAROUND_3 discovery to always return 1.
The SMCCC specification language prior to 1.6 G EAC1 was ambiguous regarding the meaning of return value 1, leading to inconsistent interpretations by callers. This ambiguity has since been resolved in the 1.6 G EAC1 release, which clarifies that a return value of 1 does *not* mean the core is unaffected and that callers must independently determine the erratum status.
While TF-A has always followed this interpretation, some consumers may still treat a return value of 1 as “not affected”, potentially leading to security issues if the OS does not apply its own workaround.
Firmware originally returned 1 on V2 to avoid unnecessary WA3 SMC calls on every syscall return, since this would negatively impact performance. For Cortex-A57/72/73/75, SMCCC_ARCH_WORKAROUND_3 returns 0, while for many newer cores (A76, A78, X2, A715, Neoverse V1/V2) the return value is 1 because a local OS mitigation is available and calling into firmware is not required.
Because this interface was expected to age out, we do not want to change the status quo for other CPUs. This patch confines the fix to Neoverse V2 only by adding the missing ARCH_WORKAROUND_3 registration, allowing affected V2 revisions to return 0 as intended.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I8c08c26e0b7c268772d75d36d759564a7d67cd76
|
| #
e9db137a |
| 08-Dec-2025 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge changes from topic "ar/smccc_arch_wa_4" into integration
* changes:
  docs(security): update CVE-2024-7881 affected CPU revisions
  fix(security): update Neoverse-V2 fix version for CVE-2024-7881
  fix(security): update Cortex-X3 fix version for CVE-2024-7881
  fix(security): update Neoverse-V3/V3AE fix version for CVE-2024-7881
  fix(security): update Cortex-X925 fix version for CVE-2024-7881
  fix(security): update Cortex-X4 fix version for CVE-2024-7881
|
| #
ef221814 |
| 05-Dec-2025 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(security): update Neoverse-V2 fix version for CVE-2024-7881
This patch updates the Neoverse-V2 revisions for which the CVE-2024-7881 [1] / Cat B erratum 3696445 [2] applies. The erratum applies to r0p0, r0p1, r0p2 and is still open.
[1] https://developer.arm.com/documentation/110326/latest/
[2] https://developer.arm.com/documentation/SDEN-2332927/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1ae196fa8ce4579524faba4916f631e7c4db358b
|
| #
a7da8171 |
| 14-Oct-2025 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge changes from topic "gr/spectre_bhb_updates" into integration
* changes:
  fix(security): fix Neoverse V2 CVE-2022-23960
  fix(security): fix Cortex-X3 CVE-2022-23960
  fix(security): fix Cortex-A715 CVE-2022-23960
  fix(security): fix spectre bhb loop count for Cortex-A720
|
| #
3084363c |
| 16-Sep-2025 |
Govindraj Raja <govindraj.raja@arm.com> |
fix(security): fix Neoverse V2 CVE-2022-23960
Apply CVE-2022-23960 mitigation to Neoverse V2, revision r0p0 only. Ref - https://developer.arm.com/documentation/110280/latest/
Change-Id: I859012281fc67243f050d27e364f27434389c0cf
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
|
| #
eb7b3484 |
| 02-Oct-2025 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge changes from topic "ar/v2_errata" into integration
* changes:
  fix(cpus): workaround for Neoverse-V2 erratum 3701771
  fix(cpus): workaround for Neoverse-V2 erratum 3841324
|
| #
98ea7329 |
| 08-Sep-2025 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(cpus): workaround for Neoverse-V2 erratum 3701771
Neoverse-V2 erratum 3701771 that applies to r0p0, r0p1, r0p2 is still Open.
The workaround is for EL3 software that performs context save/restore on a change of Security state to use a value of SCR_EL3.NS when accessing ICH_VMCR_EL2 that reflects the Security state that owns the data being saved or restored.
The mitigation is implemented in commit 7455cd172 and this patch should be applied on top of it.
SDEN documentation: https://developer.arm.com/documentation/SDEN-2332927/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ic0ad68f7bd393bdc03343d5ba815adb23bf6a24d
|
| #
7d947650 |
| 28-Aug-2025 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(cpus): workaround for Neoverse-V2 erratum 3841324
Neoverse-V2 erratum 3841324 is a Cat B erratum that applies to r0p0 and r0p1. It is fixed in r0p2.
This erratum can be avoided by setting CPUACTLR_EL1[1] prior to enabling MMU. This bit will disable a branch predictor power savings feature. Disabling this power feature results in negligible power movement and no performance impact.
SDEN Documentation: https://developer.arm.com/documentation/SDEN-2332927/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I9b3a5266103e5000d207c7a270c65455d0646102
|
| #
c1e5f0cf |
| 24-Jul-2025 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge "fix(cpus): check minor revision before applying runtime errata" into integration
|
| #
645917ab |
| 23-Jul-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
fix(cpus): check minor revision before applying runtime errata
Patch db9ee83432 removed cpu_rev checking for runtime errata within cpu functions with the argument that if we're in the cpu file, we've already checked the MIDR and matched against the CPU. However, that also removes the revision check, which being in the cpu file does not guarantee. Reintroduce the MIDR checking so that the revision check happens and errata can be skipped if they don't apply.
Change-Id: I46b2ba8b524a073e02b4b5de641ae97795bc176b
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
|
| #
a6e01071 |
| 24-Apr-2025 |
Govindraj Raja <govindraj.raja@arm.com> |
Merge changes from topic "ar/cve_wa_refactor" into integration
* changes:
  refactor(cpus): optimize CVE checking
  refactor(cpus): move errata check to common code
  refactor(cpus): drop unused argument forward_flag
|
| #
fd04156e |
| 04-Apr-2025 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
refactor(cpus): optimize CVE checking
This patch replaces the use of EXTRA functions with using erratum entries check to verify CVE mitigation application for some of the SMCCC_ARCH_WORKAROUND_* calls.
Previously, EXTRA functions were individually implemented for each SMCCC_ARCH_WORKAROUND_*, an approach that becomes unmanageable with the increasing number of workarounds. By looking up erratum entries for CVE check, the process is streamlined, reducing overhead associated with creating and maintaining EXTRA functions for each new workaround.
New Errata entries are created for SMC workarounds and that is used to target cpus that are uniquely impacted by SMC workarounds.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I873534e367a35c99461d0a616ff7bf856a0000af
|
| #
1eb8983f |
| 31-Mar-2025 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge "fix(cpus): remove errata setting PF_MODE to conservative" into integration
|
| #
ac9f4b4d |
| 25-Mar-2025 |
Govindraj Raja <govindraj.raja@arm.com> |
fix(cpus): remove errata setting PF_MODE to conservative
The erratum titled “Disabling of data prefetcher with outstanding prefetch TLB miss might cause a deadlock” should not be handled within TF-A. The current workaround attempts to follow option 2 but misapplies it. Specifically, it statically sets PF_MODE to conservative, which is not the recommended approach. According to the erratum documentation, PF_MODE should be configured in conservative mode only when we disable the data prefetcher; however, this is not done in TF-A and thus the workaround is not needed in TF-A.
The static setting of PF_MODE in TF-A does not correctly address the erratum and may introduce unnecessary performance degradation on platforms that adopt it without fully understanding its implications.
To prevent incorrect or unintended use, the current implementation of this erratum workaround should be removed from TF-A and not adopted by platforms.
List of Impacted CPUs with Errata Numbers and reference to SDEN -
Cortex-A78 - 2132060 - https://developer.arm.com/documentation/SDEN1401784/latest
Cortex-A78C - 2132064 - https://developer.arm.com/documentation/SDEN-2004089/latest
Cortex-A710 - 2058056 - https://developer.arm.com/documentation/SDEN-1775101/latest
Cortex-X2 - 2058056 - https://developer.arm.com/documentation/SDEN-1775100/latest
Cortex-X3 - 2070301 - https://developer.arm.com/documentation/SDEN2055130/latest
Neoverse-N2 - 2138953 - https://developer.arm.com/documentation/SDEN-1982442/latest
Neoverse-V1 - 2108267 - https://developer.arm.com/documentation/SDEN-1401781/latest
Neoverse-V2 - 2331132 - https://developer.arm.com/documentation/SDEN-2332927/latest
Change-Id: Icf4048508ae070b2df073cc46c63be058b2779df
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
|
| #
eeb16181 |
| 21-Mar-2025 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge changes from topic "ar/cvereorder" into integration
* changes:
  chore(cpus): fix cve order in Neoverse-V2
  chore(cpus): rearrange the errata and cve in order in Cortex-A710
|
| #
174ed618 |
| 19-Mar-2025 |
Sona Mathew <sonarebecca.mathew@arm.com> |
chore(cpus): fix cve order in Neoverse-V2
Patch rearranges CVE-2024-5660 in order based on the year and index for Neoverse-V2.
Change-Id: I092a93ef3299fd733abae9c462c019f94d881413
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
|
| #
a8a5d39d |
| 24-Feb-2025 |
Manish V Badarkhe <manish.badarkhe@arm.com> |
Merge changes from topic "bk/errata_speed" into integration
* changes:
  refactor(cpus): declare runtime errata correctly
  perf(cpus): make reset errata do fewer branches
  perf(cpus): inline the init_cpu_data_ptr function
  perf(cpus): inline the reset function
  perf(cpus): inline the cpu_get_rev_var call
  perf(cpus): inline cpu_rev_var checks
  refactor(cpus): register DSU errata with the errata framework's wrappers
  refactor(cpus): convert checker functions to standard helpers
  refactor(cpus): convert the Cortex-A65 to use the errata framework
  fix(cpus): declare reset errata correctly
|
| #
89dba82d |
| 22-Jan-2025 |
Boyan Karatotev <boyan.karatotev@arm.com> |
perf(cpus): make reset errata do fewer branches
Errata application is painful for performance. For a start, it's done when the core has just come out of reset, which means branch predictors and caches will be empty so a branch to a workaround function must be fetched from memory and that round trip is very slow. Then it also runs with the I-cache off, which means that the loop to iterate over the workarounds must also be fetched from memory on each iteration.
We can remove both branches. First, we can simply apply every erratum directly instead of defining a workaround function and jumping to it. Currently, no errata that need to be applied at both reset and runtime, with the same workaround function, exist. If the need arose in future, this should be achievable with a reset + runtime wrapper combo.
Then, we can construct a function that applies each erratum linearly instead of looping over the list. If this function is part of the reset function, then the only "far" branches at reset will be for the checker functions. Importantly, this mitigates the slowdown even when an erratum is disabled.
The result is ~50% speedup on N1SDP and ~20% on AArch64 Juno on wakeup from PSCI calls that end in powerdown. This is roughly back to the baseline of v2.9, before the errata framework regressed on performance (or a little better). It is important to note that there are other slowdowns since then that remain unknown.
Change-Id: Ie4d5288a331b11fd648e5c4a0b652b74160b07b9
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
|
| #
1f2c58b1 |
| 31-Jan-2025 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge changes from topic "ar/smccc_arch_wa_4" into integration
* changes:
  fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
  fix(security): add support in cpu_ops for CVE-2024-7881
  fix(security): add CVE-2024-7881 mitigation to Cortex-X3
  fix(security): add CVE-2024-7881 mitigation to Neoverse-V3
  fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
  fix(security): add CVE-2024-7881 mitigation to Cortex-X925
  fix(security): add CVE-2024-7881 mitigation to Cortex-X4
  fix(security): enable WORKAROUND_CVE_2024_7881 build option
|
| #
8ae6b1ad |
| 28-Jan-2025 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus
This patch implements SMCCC_ARCH_WORKAROUND_4 and allows discovery through SMCCC_ARCH_FEATURES. This mechanism is enabled if CVE_2024_7881 [1] is enabled by the platform. If CVE_2024_7881 mitigation is implemented, the discovery call returns 0, if not -1 (SMC_ARCH_CALL_NOT_SUPPORTED).
For more information about SMCCC_ARCH_WORKAROUND_4 [2], please refer to the SMCCC Specification reference provided below.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
[2]: https://developer.arm.com/documentation/den0028/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1b1ffaa1f806f07472fd79d5525f81764d99bc79
|
| #
56bb1d17 |
| 06-Sep-2024 |
Arvind Ram Prakash <arvind.ramprakash@arm.com> |
fix(security): add CVE-2024-7881 mitigation to Neoverse-V2
This patch mitigates CVE-2024-7881 [1] by setting CPUACTLR6_EL1[41] to 1 for Neoverse-V2 CPU.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I129814eb3494b287fd76a3f7dbc50f76553b2565
|
| #
08bbe245 |
| 18-Dec-2024 |
Bipin Ravi <bipin.ravi@arm.com> |
Merge changes from topic "sm/fix_erratum" into integration
* changes:
  fix(cpus): workaround for CVE-2024-5660 for Cortex-X925
  fix(cpus): workaround for CVE-2024-5660 for Cortex-X2
  fix(cpus): workaround for CVE-2024-5660 for Cortex-A77
  fix(cpus): workaround for CVE-2024-5660 for Neoverse-V1
  fix(cpus): workaround for CVE-2024-5660 for Cortex-A78_AE
  fix(cpus): workaround for CVE-2024-5660 for Cortex-A78C
  fix(cpus): workaround for CVE-2024-5660 for Cortex-A78
  fix(cpus): workaround for CVE-2024-5660 for Cortex-X1
  fix(cpus): workaround for CVE-2024-5660 for Neoverse-N2
  fix(cpus): workaround for CVE-2024-5660 for Cortex-A710
  fix(cpus): workaround for CVE-2024-5660 for Neoverse-V2
  fix(cpus): workaround for CVE-2024-5660 for Cortex-X3
  fix(cpus): workaround for CVE-2024-5660 for Neoverse-V3
  fix(cpus): workaround for CVE-2024-5660 for Cortex-X4
|