ghost
commented
5 years ago @ruchi393 On a system that contains no cores that are vulnerable to CVE-2017-5715 the setting of WORKAROUND_CVE_2017_5715 does not matter. There is no performance improvement by disabling the workaround on such a system. Our recommendation is to keep this flag to its default value.
However, consider the following 2 cases:
If the system is not vulnerable, setting WORKAROUND_CVE_2017_5715 to 0 can mean any of the following things:
- None of the cores are affected by the vulnerability.
- The system contains at least one core that is affected but there is no mitigation.
- The firmware does not provide any indication as to whether the system is vulnerable or not.
From the point of view of the caller, this is a bit ambiguous as there are multiple reasons for the call to SMCCC_ARCH_FEATURES returning NOT_SUPPORTED.
On the other hand on a system that is not vulnerable setting WORKAROUND_CVE_2017_5715 to 1 should correctly report the mitigation status to the caller so in a way it helps to comply with the specification and provides a non-ambiguous return value back to the caller.
Arguably, we could revert the patch that disables the flag on systems that are not vulnerable because our recommendation is to keep this flag set in all cases. I suspect at the time this particular line of reasoning was not as clear as things were changing rapidly.
The way WORKAROUND_CVE_2017_5715 is implemented, I see that the corresponding changes are only in the core files which are affected by this errata. The default value of this WORKAROUND is set to 1. Is there any requirement to change the set the value to 0 for a platform with A53 core ?
I see a patch in TF-A where the WORKAROUND_CVE_2017_5715 is explicitly set to 0 for few platforms. What is the reason for doing so ?