sp_min: Implement workaround for CVE-2017-5715

This patch introduces two workarounds for ARMv7 systems.  The
workarounds need to be applied prior to any `branch` instruction in
secure world.  This is achieved using a custom vector table where each
entry is an `add sp, sp, #1` instruction.

On entry to monitor mode, once the sequence of `ADD` instructions is
executed, the branch target buffer (BTB) is invalidated.  The bottom
bits of `SP` are then used to decode the exception entry type.

A side effect of this change is that the exception vectors are
installed before the CPU specific reset function.  This is now
consistent with how it is done on AArch64.

Note, on AArch32 systems, the exception vectors are typically tightly
integrated with the secure payload (e.g. the Trusted OS).  This
workaround will need porting to each secure payload that requires it.

The patch to modify the AArch32 per-cpu vbar to the corresponding
workaround vector table according to the CPU type will be done in a
later patch.

Change-Id: I5786872497d359e496ebe0757e8017fa98f753fa
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

1 files changed, 6 insertions, 1 deletions

diff --git a/bl32/sp_min/sp_min.mk b/bl32/sp_min/sp_min.mk
index 56489a3c..67a1981e 100644
--- a/bl32/sp_min/sp_min.mk
+++ b/bl32/sp_min/sp_min.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -26,6 +26,11 @@ ifeq (${ENABLE_AMU}, 1)
 BL32_SOURCES		+=	lib/extensions/amu/aarch32/amu.c
 endif
 
+ifeq (${WORKAROUND_CVE_2017_5715},1)
+BL32_SOURCES		+=	bl32/sp_min/workaround_cve_2017_5715_bpiall.S	\
+				bl32/sp_min/workaround_cve_2017_5715_icache_inv.S
+endif
+
 BL32_LINKERFILE	:=	bl32/sp_min/sp_min.ld.S
 
 # Include the platform-specific SP_MIN Makefile