armstub8: Add PSCI monitor support for BCM2711

[hanzyd]

This monitor is used to workaround few issues in Cortex-A72 CPU used in BCM2711:

• CVE-2017-5715 aka Spectre-v2. Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling and enabling the MMU.
• CVE-2018-3639 aka Spectre-v4. Set or clean bit 55 (Disable load pass store) of CPUACTLR_EL1, when requested by SMCCC_ARCH_WORKAROUND_2.
• Prevent speculative execution past ERET.
• Implement workaround for AT speculative behaviour

This work is based on Oleksandr RPi3 psci-monitor [1] and Arm Trusted Firmware [2].

Mitigation's are implemented according "ARM DEN 0070A" [3].

CVE workarounds could be controlled via Linux command line options [4]: nospectre_v2 and ssbd=

Validation was done using Ghostbusters [5] and Google's Safeside project [6].

Supported functions include: PSCI_VERSION PSCI_CPU_OFF PSCI_CPU_ON PSCI_AFFINITY_INFO PSCI_MIGRATE_INFO_TYPE PSCI_MIGRATE_INFO_UP_CPU PSCI_SYSTEM_OFF PSCI_SYSTEM_RESET PSCI_FEATURES SMCCC_VERSION SMCCC_ARCH_WORKAROUND_1 SMCCC_ARCH_WORKAROUND_2

As side effect of this now Linux kexec is working.

Performance degradation was evaluated using Phoronix hackbench and it is around 6% in combined case, I would say.

"Hackbench - Count: 4 - Type: Process"

00 = spectre_v2: Vulnerable, spec_store_bypass: Vulnerable 01 = spectre_v2: Mitigated, spec_store_bypass: Vulnerable 02 = spectre_v2: Vulnerable, spec_store_bypass: Mitigated 03 = spectre_v2: Mitigated, spec_store_bypass: Mitigated 04 = no PSCI monitor at all 05 = no PSCI monitor at all

 Run-1   | Run-2   | Run-3, seconds

---

00 | 100.689 | 100.215 | 100.749 01 | 103.386 | 104.627 | 104.387 02 | 104.519 | 105.383 | 104.611 03 | 107.084 | 106.081 | 107.269 04 | 101.301 | 101.894 | 102.564 05 | 100.302 | 101.85 | 99.912

Details could be found here [7].

[1] https://github.com/gonzoua/rpi3-psci-monitor [2] https://github.com/Arm-Software/arm-trusted-firmware [3] "Firmware interfaces for mitigating cache speculation vulnerabilities" [4] https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html [5] https://github.com/Sultanic/Ghostbusters.git [6] https://github.com/google/safeside.git [7] https://openbenchmarking.org/result/2103024-HA-PSCIMON0014,2103020-HA-PSCIMON0130,2103027-HA-PSCIMON0242,2103028-HA-PSCIMON0310,2103021-HA-PSCIMON0401,2103021-HA-PSCIMON0524

Signed-off-by: Ivan T. Ivanov iivanov@suse.de

[pelwell]

Why do you think this should be the standard ARMv8 stub, given that it is so easy for distributions to provide there own?

And are you the author? Your GitHub userid does not make this obvious.

[hanzyd]

Well, they are distributions that are using this stub, like openSUSE. In some sense is easer to add simple mitigations here, than use big/fat TF-A. I think there will be others that could benefit for this.

This work is heavily based on TF-A and RPi3 monitor, as stated in commit message, but, yes, I am the author of this.