[xen stable-4.20] xen/arm: Mitigate TLBI errata on various Arm CPUs
commit 08ea7c4416ce45240871806cf41f070f9e890654
Author: Michal Orzel <michal.orzel@xxxxxxx>
AuthorDate: Fri May 22 09:35:58 2026 +0200
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Jun 4 21:39:53 2026 +0100
xen/arm: Mitigate TLBI errata on various Arm CPUs
A number of CPUs developed by Arm suffer from errata whereby a broadcast
TLBI + DSB sequence may complete before the global observation of writes
which are translated by an affected TLB entry. This can lead to memory
corruption and potential privilege escalation.
These errata ONLY affect the completion of memory accesses which have
been translated by an invalidated TLB entry, and these errata DO NOT
affect the actual invalidation of TLB entries. TLB entries are removed
correctly.
To mitigate this issue, Arm recommends that software follows each
TLBI+DSB sequence with an additional TLBI+DSB, which will ensure that
all memory write effects affected by the first TLBI have been globally
observed.
The ARM64_WORKAROUND_REPEAT_TLBI workaround is sufficient to mitigate the
issue. Enable this workaround for affected CPUs.
This is XSA-493 / CVE-2025-10263.
Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
Reviewed-by: Julien Grall <julien@xxxxxxx>
(cherry picked from commit 161e8f61b5b0f2c205072c7bc699bfc37653999f)
---
xen/arch/arm/Kconfig | 21 ++++++++++++
xen/arch/arm/cpuerrata.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 107 insertions(+)
diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index a26d3e1182..a89995545f 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -467,6 +467,27 @@ config ARM64_ERRATUM_1508412
If unsure, say Y.
+config ARM64_ERRATUM_CVE_2025_10263
+ bool "Cortex-*/Neoverse-*/C1-*: Completion of affected memory accesses
might not be guaranteed by completion of a TLBI"
+ default y
+ depends on ARM_64
+ select ARM64_WORKAROUND_REPEAT_TLBI
+ help
+ This option adds a workaround for CVE-2025-10263.
+
+ A broadcast TLBI on another PE may complete before affected memory
+ accesses are globally observed. This may permit bypass of Stage 1
+ translation, Stage-2 translation, or GPT protection.
+
+ The workaround repeats the TLBI VALE2IS, XZR + DSB ISH operation for
all
+ the broadcast TLB flush operations. A single additional TLBI and DSB
are
+ sufficient regardless of how many TLBIs are completed by the DSB.
+
+ Note that software workarounds are required at all execution levels
for
+ affected parts to fully mitigate this issue.
+
+ If unsure, say Y.
+
endmenu
config ARM64_HARDEN_BRANCH_PREDICTOR
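Review bot: The help text for ARM64_ERRATUM_CVE_2025_10263 says workarounds are needed "at all execution levels" but does not say what this option itself covers, so someone configuring a build could read `default y` as a complete fix. Assuming the option only changes the TLB flush sequences Xen itself issues, a sentence such as `Enabling this option only covers TLB maintenance performed by Xen; guest kernels and firmware need their own workaround.` would make the residual exposure explicit. The help also names the CVE but not the advisory; adding `See XSA-493.` would let an operator trace the option back to it.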
diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index 17cf134f1b..3a32183618 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -534,6 +534,92 @@ static const struct arm_cpu_capabilities arm_errata[] = {
MIDR_RANGE(MIDR_NEOVERSE_N1, 0, 3 << MIDR_VARIANT_SHIFT),
},
#endif
+#ifdef CONFIG_ARM64_ERRATUM_CVE_2025_10263
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_A76),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_A76AE),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_A77),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_A78),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_X1),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_X1C),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_X2),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_X3),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_X4),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_CORTEX_X925),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V3),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V3AE),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_C1_ULTRA),
+ },
+ {
+ .capability = ARM64_WORKAROUND_REPEAT_TLBI,
+ MIDR_ALL_VERSIONS(MIDR_C1_PREMIUM),
+ },
+#endif
#ifdef CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR
{
.capability = ARM_HARDEN_BRANCH_PREDICTOR,
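Review bot: None of the 21 entries added under CONFIG_ARM64_ERRATUM_CVE_2025_10263 sets a `.desc`. If the boot-time message that reports an enabled workaround is keyed on that field (the code that prints it is outside this hunk), an operator gets no log line confirming that the XSA-493 mitigation is active on an affected core. Adding `.desc = "ARM erratum CVE-2025-10263",` to each entry would make the mitigation auditable from the console log. Separately, MIDR_NEOVERSE_N1 is now matched both by the `MIDR_RANGE(MIDR_NEOVERSE_N1, 0, 3 << MIDR_VARIANT_SHIFT)` context entry just above and by the new `MIDR_ALL_VERSIONS` entry; a short comment saying the overlap is intentional would help the next reader. The arm_errata[] array starts before and continues after this hunk.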
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.20