diff options
author | Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> | 2023-03-09 13:56:03 +0000 |
---|---|---|
committer | Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com> | 2023-03-20 10:12:38 +0000 |
commit | f8a35797b919d8ea041480bd5eb2a334e7056e0b (patch) | |
tree | 6a034e8c016994d8fd448ee0bff4b338a0b2b02c | |
parent | c41b8e90f75a7db82ee4384e3ffa5d8b9b8080e5 (diff) | |
download | arm-trusted-firmware-f8a35797b919d8ea041480bd5eb2a334e7056e0b.tar.gz |
fix(smccc): check smc_fid [23:17] bits
As per SMCCC spec Table 2.1 bit 23:17 must be zero (MBZ),
for all Fast Calls, when bit[31] == 1.
Adding this check to ensure SMC FIDs when get to the SMC handler
have these bits (23:17) cleared, if not capture and report them
as an unknown SMCs at the core.
Also the C runtime stack is copied to the stackpointer well in
advance, to leverage the existing el3_exit routine for unknown SMC.
Change-Id: I9972216db5ac164815011177945fb34dadc871b0
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
-rw-r--r-- | bl31/aarch64/runtime_exceptions.S | 18 | ||||
-rw-r--r-- | include/lib/smccc.h | 12 |
2 files changed, 22 insertions, 8 deletions
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S index 500e87b9a..2fa9f06c5 100644 --- a/bl31/aarch64/runtime_exceptions.S +++ b/bl31/aarch64/runtime_exceptions.S @@ -55,7 +55,7 @@ * delegated to platform EA handler. * * Without RAS_EXTENSION, this macro synchronizes pending errors using - * a DSB, unmasks Asynchronous External Aborts and saves X30 before + * a DSB, unmasks Asynchronous External Aborts and saves X30 before * setting the flag CTX_IS_IN_EL3. */ .macro check_and_unmask_ea @@ -506,6 +506,17 @@ sync_handler64: /* Copy SCR_EL3.NS bit to the flag to indicate caller's security */ bfi x7, x18, #0, #1 + mov sp, x12 + + /* + * Per SMCCC documentation, bits [23:17] must be zero for Fast + * SMCs. Other values are reserved for future use. Ensure that + * these bits are zeroes, if not report as unknown SMC. + */ + tbz x0, #FUNCID_TYPE_SHIFT, 2f /* Skip check if its a Yield Call*/ + tst x0, #(FUNCID_FC_RESERVED_MASK << FUNCID_FC_RESERVED_SHIFT) + b.ne smc_unknown + /* * Per SMCCCv1.3 a caller can set the SVE hint bit in the SMC FID * passed through x0. Copy the SVE hint bit to flags and mask the @@ -513,11 +524,10 @@ sync_handler64: * A service/dispatcher can retrieve the SVE hint bit state from * flags using the appropriate helper. */ +2: bfi x7, x0, #FUNCID_SVE_HINT_SHIFT, #FUNCID_SVE_HINT_MASK bic x0, x0, #(FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT) - mov sp, x12 - /* Get the unique owning entity number */ ubfx x16, x0, #FUNCID_OEN_SHIFT, #FUNCID_OEN_WIDTH ubfx x15, x0, #FUNCID_TYPE_SHIFT, #FUNCID_TYPE_WIDTH @@ -584,7 +594,7 @@ smc_unknown: * Unknown SMC call. Populate return value with SMC_UNK and call * el3_exit() which will restore the remaining architectural state * i.e., SYS, GP and PAuth registers(if any) prior to issuing the ERET - * to the desired lower EL. + * to the desired lower EL. */ mov x0, #SMC_UNK str x0, [x6, #CTX_GPREGS_OFFSET + CTX_GPREG_X0] diff --git a/include/lib/smccc.h b/include/lib/smccc.h index cce91afe2..63637d57e 100644 --- a/include/lib/smccc.h +++ b/include/lib/smccc.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -37,9 +37,13 @@ #define FUNCID_OEN_MASK U(0x3f) #define FUNCID_OEN_WIDTH U(6) -#define FUNCID_SVE_HINT_SHIFT U(16) -#define FUNCID_SVE_HINT_MASK U(1) -#define FUNCID_SVE_HINT_WIDTH U(1) +#define FUNCID_FC_RESERVED_SHIFT U(17) +#define FUNCID_FC_RESERVED_MASK U(0x7f) +#define FUNCID_FC_RESERVED_WIDTH U(7) + +#define FUNCID_SVE_HINT_SHIFT U(16) +#define FUNCID_SVE_HINT_MASK U(1) +#define FUNCID_SVE_HINT_WIDTH U(1) #define FUNCID_NUM_SHIFT U(0) #define FUNCID_NUM_MASK U(0xffff) |