11fe4a9d1SBipin Ravi/* 2*d6affea1SGovindraj Raja * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved. 31fe4a9d1SBipin Ravi * 41fe4a9d1SBipin Ravi * SPDX-License-Identifier: BSD-3-Clause 51fe4a9d1SBipin Ravi */ 61fe4a9d1SBipin Ravi 71fe4a9d1SBipin Ravi#include <context.h> 81fe4a9d1SBipin Ravi 91fe4a9d1SBipin Ravi#if WORKAROUND_CVE_2022_23960 101fe4a9d1SBipin Ravi /* 111fe4a9d1SBipin Ravi * This macro applies the mitigation for CVE-2022-23960. 12e74d6581SBipin Ravi * The macro saves x2 to the CPU context. 131fe4a9d1SBipin Ravi * SP should point to the CPU context. 141fe4a9d1SBipin Ravi */ 151fe4a9d1SBipin Ravi .macro apply_cve_2022_23960_bhb_wa _bhb_loop_count 16*d6affea1SGovindraj Raja 17*d6affea1SGovindraj Raja#if ENABLE_FEAT_CLRBHB 18*d6affea1SGovindraj Raja /* 19*d6affea1SGovindraj Raja * Platforms with FEAT_CLRBHB can omit the loop. 20*d6affea1SGovindraj Raja */ 21*d6affea1SGovindraj Raja clrbhb 22*d6affea1SGovindraj Raja isb 23*d6affea1SGovindraj Raja#endif /* ENABLE_FEAT_CLRBHB */ 24*d6affea1SGovindraj Raja 25*d6affea1SGovindraj Raja#if ENABLE_FEAT_CLRBHB != 1 26e74d6581SBipin Ravi str x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2] 271fe4a9d1SBipin Ravi 281fe4a9d1SBipin Ravi /* CVE-BHB-NUM loop count */ 291fe4a9d1SBipin Ravi mov x2, \_bhb_loop_count 301fe4a9d1SBipin Ravi 311fe4a9d1SBipin Ravi1: 321fe4a9d1SBipin Ravi /* b pc+4 part of the workaround */ 331fe4a9d1SBipin Ravi b 2f 341fe4a9d1SBipin Ravi2: 351fe4a9d1SBipin Ravi subs x2, x2, #1 361fe4a9d1SBipin Ravi bne 1b 37e74d6581SBipin Ravi speculation_barrier 38e74d6581SBipin Ravi ldr x2, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2] 39*d6affea1SGovindraj Raja3: 40*d6affea1SGovindraj Raja#endif /* ENABLE_FEAT_CLRBHB != 1 */ 411fe4a9d1SBipin Ravi .endm 421fe4a9d1SBipin Ravi#endif /* WORKAROUND_CVE_2022_23960 */ 43