fix(cpus): workaround for CVE-2024-5660 for Cortex-X925 Implements mitigation for CVE-2024-5660 that affects Cortex-X925 revisions r0p0, r0p1. The workaround is to disable the hardware page aggregation at EL3 by setting CPUECTLR_EL1[46] = 1'b1. Public Documentation: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660 Change-Id: I9d5a07ca6b89b27d8876f4349eff2af26c962d8a Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com> (cherry picked from commit ebc090fbf47a25a1ef84657d03198fc3a29d28e3)

commit: 70a7d3f2d0303a411a0ac5ffc5b8b395e201f26f [log] [tgz]
author: Sona Mathew <sonarebecca.mathew@arm.com> Sun Jun 02 22:59:09 2024 -0500
committer: Yann Gautier <yann.gautier@st.com> Fri Feb 07 18:32:03 2025 +0100
tree: c568392a6527af14b1604b24491c8153b9829648
parent: 41b64fe36f42f29e10592c28259408187f1ac3fd [diff]
diff --git a/lib/cpus/aarch64/cortex_x925.S b/lib/cpus/aarch64/cortex_x925.S
index 8109ffb..3a31664 100644
--- a/lib/cpus/aarch64/cortex_x925.S
+++ b/lib/cpus/aarch64/cortex_x925.S

@@ -21,6 +21,13 @@
 #error "Cortex-X925 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
 #endif
 
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_x925, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+	sysreg_bit_set CORTEX_X925_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_x925, CVE(2024, 5660)
+
+check_erratum_ls cortex_x925, CVE(2024, 5660), CPU_REV(0, 1)
+
 cpu_reset_func_start cortex_x925
 	/* Disable speculative loads */
 	msr	SSBS, xzr
commit	70a7d3f2d0303a411a0ac5ffc5b8b395e201f26f	[log] [tgz]
author	Sona Mathew <sonarebecca.mathew@arm.com>	Sun Jun 02 22:59:09 2024 -0500
committer	Yann Gautier <yann.gautier@st.com>	Fri Feb 07 18:32:03 2025 +0100
tree	c568392a6527af14b1604b24491c8153b9829648
parent	41b64fe36f42f29e10592c28259408187f1ac3fd [diff]