diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index e28a76bd1793..84e4816362b3 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -749,6 +749,22 @@ config ARM_ERRATA_411920 It does not affect the MPCore. This option enables the ARM Ltd. recommended workaround. +config ARM_ERRATA_430973 + bool "ARM errata: Stale prediction on replaced interworking branch" + depends on CPU_V7 + help + This option enables the workaround for the 430973 Cortex-A8 + (r1p0..r1p2) erratum. If a code sequence containing an ARM/Thumb + interworking branch is replaced with another code sequence at the + same virtual address, whether due to self-modifying code or virtual + to physical address re-mapping, Cortex-A8 does not recover from the + stale interworking branch prediction. This results in Cortex-A8 + executing the new code sequence in the incorrect ARM or Thumb state. + The workaround enables the BTB/BTAC operations by setting ACTLR.IBE + and also flushes the branch target cache at every context switch. + Note that setting specific bits in the ACTLR register may not be + available in non-secure mode. + endmenu source "arch/arm/common/Kconfig" diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index d1ebec42521d..fc81159596fe 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -95,6 +95,9 @@ ENTRY(cpu_v7_switch_mm) mov r2, #0 ldr r1, [r1, #MM_CONTEXT_ID] @ get mm->context.id orr r0, r0, #TTB_FLAGS +#ifdef CONFIG_ARM_ERRATA_430973 + mcr p15, 0, r2, c7, c5, 6 @ flush BTAC/BTB +#endif mcr p15, 0, r2, c13, c0, 1 @ set reserved context ID isb 1: mcr p15, 0, r0, c2, c0, 0 @ set TTB 0 @@ -180,6 +183,11 @@ __v7_setup: stmia r12, {r0-r5, r7, r9, r11, lr} bl v7_flush_dcache_all ldmia r12, {r0-r5, r7, r9, r11, lr} +#ifdef CONFIG_ARM_ERRATA_430973 + mrc p15, 0, r10, c1, c0, 1 @ read aux control register + orr r10, r10, #(1 << 6) @ set IBE to 1 + mcr p15, 0, r10, c1, c0, 1 @ write aux control register +#endif mov r10, #0 #ifdef HARVARD_CACHE mcr p15, 0, r10, c7, c5, 0 @ I+BTB cache invalidate