/*
 * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <asm_macros.S>

	.globl	wa_cve_2017_5715_icache_inv_vbar

/*
 * wa_cve_2017_5715_icache_inv_vbar
 *
 * Exception vector table used as a workaround for CVE-2017-5715. Every
 * exception entry invalidates the instruction cache (ICIALLU) before it
 * is dispatched to sp_min_entrypoint, sp_min_handle_smc,
 * sp_min_handle_fiq or plat_panic_handler.
 *
 * How the entry is identified: the eight vector slots fall through into
 * one another, so an exception taken at slot k executes every `add`
 * from slot k down to the IRQ slot. The number of adds executed ends up
 * in the bottom 3 bits of SP and is decoded after the invalidate.
 *
 * Register use: no general-purpose register is written. SP is changed
 * only in its bottom 3 bits and those bits are cleared again before any
 * handler is entered. The condition flags are overwritten by `tst`.
 *
 * NOTE(review): this relies on the bottom 3 bits of SP being zero at
 * exception entry (8-byte aligned SP). If they are not, the decoded
 * entry is wrong and `bic` does not give back the original SP. Confirm
 * against the code that sets up the stack used in this mode.
 *
 * vector_base and stcopr are macros that are not defined in this file
 * (presumably provided through asm_macros.S).
 */
vector_base wa_cve_2017_5715_icache_inv_vbar
	/*
	 * We encode the exception entry in the bottom 3 bits of SP.
	 * Each slot must stay exactly one instruction long so that the
	 * slots line up with the vector offsets; do not insert anything
	 * between them.
	 */
	add	sp, sp, #1	/* Reset: 0b111 */
	add	sp, sp, #1	/* Undef: 0b110 */
	add	sp, sp, #1	/* Syscall: 0b101 */
	add	sp, sp, #1	/* Prefetch abort: 0b100 */
	add	sp, sp, #1	/* Data abort: 0b011 */
	add	sp, sp, #1	/* Reserved: 0b010 */
	add	sp, sp, #1	/* IRQ: 0b001 */
	nop			/* FIQ: 0b000 */

	/*
	 * Invalidate the instruction cache, which we assume also
	 * invalidates the branch predictor. This may depend on
	 * other CPU specific changes (e.g. an ACTLR setting).
	 *
	 * The whole mitigation rests on that assumption: on a core where
	 * ICIALLU does not also invalidate the branch predictor, this
	 * vector table gives no protection against CVE-2017-5715. Check
	 * the CPU documentation before selecting it for a platform.
	 *
	 * r0 is only the source operand of the write; its value is not
	 * meaningful to ICIALLU and it is not modified here (presumably
	 * stcopr expands to a single coprocessor write; confirm in
	 * asm_macros.S).
	 */
	stcopr	r0, ICIALLU
	isb			/* synchronise before any branch below is taken */

	/*
	 * As we cannot use any temporary registers and cannot
	 * clobber SP, we can decode the exception entry using
	 * an unrolled binary search.
	 *
	 * In each leaf the order is: tst (sets the flags), bic (restores
	 * SP; no S suffix, so the flags from tst are kept), then the
	 * conditional branch that consumes those flags. Keep that order.
	 *
	 * Note, if this code is re-used by other secure payloads,
	 * the below exception entry vectors must be changed to
	 * the vectors specific to that secure payload.
	 */

	tst	sp, #4		/* bit 2 set: encodings 0x4..0x7 */
	bne	1f

	tst	sp, #2		/* bit 1 set: encodings 0x2 and 0x3 */
	bne	3f

	/* Expected encoding: 0x1 and 0x0 */
	tst	sp, #1
	/* Restore original value of SP by clearing the bottom 3 bits */
	bic	sp, sp, #0x7
	bne	plat_panic_handler	/* IRQ */
	b	sp_min_handle_fiq	/* FIQ */

1:
	/* Expected encoding: 0x4 and 0x5 (0x6 and 0x7 go on to 2f) */
	tst	sp, #2
	bne	2f

	tst	sp, #1
	bic	sp, sp, #0x7		/* restore SP, flags from tst kept */
	bne	sp_min_handle_smc	/* Syscall */
	b	plat_panic_handler	/* Prefetch abort */

2:
	/* Expected encoding: 0x7 and 0x6 */
	tst	sp, #1
	bic	sp, sp, #0x7		/* restore SP, flags from tst kept */
	bne	sp_min_entrypoint	/* Reset */
	b	plat_panic_handler	/* Undef */

3:
	/*
	 * Expected encoding: 0x2 and 0x3.
	 * Both outcomes end in plat_panic_handler; SP is still restored
	 * first, as in the other leaves.
	 */
	tst	sp, #1
	bic	sp, sp, #0x7
	bne	plat_panic_handler	/* Data abort */
	b	plat_panic_handler	/* Reserved */