xen/arm: move errata CSV2 check earlier

CSV2 availability check is done after printing to the user that
workaround 1 will be used. Move the check before to prevent saying to the
user that workaround 1 is used when it is not because it is not needed.
This will also allow to reuse install_bp_hardening_vec function for
other use cases.

Code previously returning "true", now returns "0" to conform to
enable_smccc_arch_workaround_1 returning an int and surrounding code
doing a "return 0" if workaround is not needed.

This is part of XSA-398 / CVE-2022-23960.

Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
Reviewed-by: Julien Grall <julien@xen.org>
(cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba)

diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index b398d480f1134397a654c3ae4859ff595f377608..00f9ebe9cee0e50acc2db87c1b09032db6273533 100644 (file)
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -103,13 +103,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry,
     printk(XENLOG_INFO "CPU%u will %s on exception entry\n",
            smp_processor_id(), desc);
 
-    /*
-     * No need to install hardened vector when the processor has
-     * ID_AA64PRF0_EL1.CSV2 set.
-     */
-    if ( cpu_data[smp_processor_id()].pfr64.csv2 )
-        return true;
-
     spin_lock(&bp_lock);
 
     /*
@@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data)
     if ( !entry->matches(entry) )
         return 0;
 
+    /*
+     * No need to install hardened vector when the processor has
+     * ID_AA64PRF0_EL1.CSV2 set.
+     */
+    if ( cpu_data[smp_processor_id()].pfr64.csv2 )
+        return 0;
+
     if ( smccc_ver < SMCCC_VERSION(1, 1) )
         goto warn;