Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639.  A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.

It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.

NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro.  Migrate to
the declare_cpu_ops_wa macro instead.

Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

1 files changed, 18 insertions, 0 deletions

diff --git a/services/arm_arch_svc/arm_arch_svc_setup.c b/services/arm_arch_svc/arm_arch_svc_setup.c
index 6089cf6a..45c4704e 100644
--- a/services/arm_arch_svc/arm_arch_svc_setup.c
+++ b/services/arm_arch_svc/arm_arch_svc_setup.c
@@ -11,6 +11,7 @@
 #include <smccc.h>
 #include <smccc_helpers.h>
 #include <wa_cve_2017_5715.h>
+#include <wa_cve_2018_3639.h>
 
 static int32_t smccc_version(void)
 {
@@ -31,8 +32,25 @@ static int32_t smccc_arch_features(u_register_t arg)
 #endif
 #if WORKAROUND_CVE_2018_3639
 	case SMCCC_ARCH_WORKAROUND_2:
+#if DYNAMIC_WORKAROUND_CVE_2018_3639
+		/*
+		 * On a platform where at least one CPU requires
+		 * dynamic mitigation but others are either unaffected
+		 * or permanently mitigated, report the latter as not
+		 * needing dynamic mitigation.
+		 */
+		if (wa_cve_2018_3639_get_disable_ptr() == NULL)
+			return 1;
+		/*
+		 * If we get here, this CPU requires dynamic mitigation
+		 * so report it as such.
+		 */
+		return 0;
+#else
+		/* Either the CPUs are unaffected or permanently mitigated */
 		return SMCCC_ARCH_NOT_REQUIRED;
 #endif
+#endif
 	default:
 		return SMC_UNK;
 	}