Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for CVE-2018-3639. A new SMC interface is defined to allow software executing in lower ELs to enable or disable the mitigation for their execution context. It should be noted that regardless of the state of the mitigation for lower ELs, code executing in EL3 is always mitigated against CVE-2018-3639. NOTE: This change is a compatibility break for any platform using the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to the declare_cpu_ops_wa macro instead. Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
2026-01-14 00:26:30 +00:00 · 2018-05-16 11:36:14 +01:00
parent e086570815
commit fe007b2e15
12 changed files with 116 additions and 10 deletions
--- a/docs/cpu-specific-build-macros.rst
+++ b/docs/cpu-specific-build-macros.rst
@@ -30,6 +30,11 @@ vulnerability workarounds should be applied at runtime.
   CVE-2018-3639, in order to comply with the recommendation in the spec
   regarding workaround discovery.

+-  ``DYNAMIC_WORKAROUND_CVE_2018_3639``: Enables dynamic mitigation for
+   `CVE-2018-3639`_. This build option should be set to 1 if the target
+   platform contains at least 1 CPU that requires dynamic mitigation.
+   Defaults to 0.
+
 CPU Errata Workarounds
 ----------------------