File xsa398-3.patch of Package xen.31431
# Commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7
# Date 2022-03-08 16:38:02 +0000
# Author Bertrand Marquis <bertrand.marquis@arm.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
xen/arm: Add ECBHB and CLEARBHB ID fields
Introduce ID coprocessor register ID_AA64ISAR2_EL1.
Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and
CLEARBHB in isar2 ID coprocessor registers.
This is part of XSA-398 / CVE-2022-23960.
Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
Acked-by: Julien Grall <julien@xen.org>
--- a/xen/arch/arm/cpufeature.c
+++ b/xen/arch/arm/cpufeature.c
@@ -117,6 +117,7 @@ void identify_cpu(struct cpuinfo_arm *c)
c->isa64.bits[0] = READ_SYSREG64(ID_AA64ISAR0_EL1);
c->isa64.bits[1] = READ_SYSREG64(ID_AA64ISAR1_EL1);
+ c->isa64.bits[2] = READ_SYSREG64(ID_AA64ISAR2_EL1);
#endif
c->pfr32.bits[0] = READ_SYSREG32(ID_PFR0_EL1);
--- a/xen/include/asm-arm/arm64/sysregs.h
+++ b/xen/include/asm-arm/arm64/sysregs.h
@@ -57,6 +57,10 @@
#define ICH_AP1R2_EL2 __AP1Rx_EL2(2)
#define ICH_AP1R3_EL2 __AP1Rx_EL2(3)
+#ifndef ID_AA64ISAR2_EL1
+#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2
+#endif
+
/* Access to system registers */
#define READ_SYSREG32(name) ({ \
--- a/xen/include/asm-arm/cpufeature.h
+++ b/xen/include/asm-arm/cpufeature.h
@@ -182,12 +182,26 @@ struct cpuinfo_arm {
unsigned long lo:4;
unsigned long pan:4;
unsigned long __res1:8;
- unsigned long __res2:32;
+ unsigned long __res2:28;
+ unsigned long ecbhb:4;
};
} mm64;
- struct {
- uint64_t bits[2];
+ union {
+ uint64_t bits[3];
+ struct {
+ /* ISAR0 */
+ unsigned long __res0:64;
+
+ /* ISAR1 */
+ unsigned long __res1:64;
+
+ /* ISAR2 */
+ unsigned long __res3:28;
+ unsigned long clearbhb:4;
+
+ unsigned long __res4:32;
+ };
} isa64;
#endif
