From 18d0e4cfe52781ba99e1bfe22450be6b1ce9da4d Mon Sep 17 00:00:00 2001 
From: Yidi Lin
Date: Sat, 11 Feb 2023 15:50:15 +0800
Subject: 2sha256_arm: Fix data abort issue

Fix the following CPU exception when enabling ARMV8_CRYPTO_EXT.

[DEBUG] exception _sync_sp_el0
[DEBUG] ELR = 0x000000000025f390 ESR = 0x96000010
[DEBUG] FAR = 0x000000000c000000 SPSR = 0x2000000c
[DEBUG] X00 = 0x000000000026cf20 X01 = 0x000000000bffffe0
[DEBUG] X02 = 0x00000000ffd042de X03 = 0xffffffffffffffff
[DEBUG] X04 = 0x000000000026cf88 X05 = 0x0000000000054ff8
[DEBUG] X06 = 0x0000000000000002 X07 = 0x000000000000000a
[DEBUG] X08 = 0x000000000025f5f0 X09 = 0x000000000026cf30
[DEBUG] X10 = 0x000000000010b4ee X11 = 0x00000000000001fc
[DEBUG] X12 = 0x0000000000000080 X13 = 0x0000000000125110
[DEBUG] X14 = 0x0000000000124f10 X15 = 0x0000000000125310
[DEBUG] X16 = 0x0000000000267580 X17 = 0x749ffa8d9d5f02ca
[DEBUG] X18 = 0x0000000000125110 X19 = 0x0000000000000000
[DEBUG] X20 = 0x000000000026cf20 X21 = 0x000000000010b760
[DEBUG] X22 = 0x000000000026cf48 X23 = 0x0000000000000000
[DEBUG] X24 = 0x0000000000000000 X25 = 0x00000000000a3800
[DEBUG] X26 = 0x000000000026c970 X27 = 0x000000000026c802
[DEBUG] X28 = 0x0000000000000000 X29 = 0x0000000000000000
[DEBUG] X30 = 0x000000000025f1e0 SP = 0x000000000010b650

The issue happens when the buffer size processed by
`vb2ex_hwcrypto_digest_extend` is equal to VB2_SHA256_BLOCK_SIZE.
`vb2_sha256_transform_hwcrypto` is called twice in
`vb2ex_hwcrypto_digest_extend`. The first call processes the whole
buffer. The second call still processes the buffer even if
`remaining_blocks` is equal to 0. This causes `block_nb` (see X02)
underflow in the assembly code. Then the ld1 instruction accesses an
unexpected memory address (see X01) and raises a CPU exception.

Fix the issue by checking the `block_nb` value before calling
`sha256_ce_transform`.

BRANCH=corsola
BUG=b:263514393
TEST=flash image-geralt*.bin and no CPU exception raised

Change-Id: I9b74d60413b3cc571950e15c0d2b901bc4063385
Signed-off-by: Yidi Lin Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4242678 Reviewed-by: Yu-Ping Wu (cherry picked from commit 5b8596cefd1a61252501943f2534323708338732) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4269955 Tested-by: Yu-Ping Wu Auto-Submit: Yu-Ping Wu --- firmware/2lib/2hwcrypto.c | 3 ++- firmware/2lib/2sha256_arm.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/firmware/2lib/2hwcrypto.c b/firmware/2lib/2hwcrypto.c index f6cc5241..c472c29c 100644 --- a/firmware/2lib/2hwcrypto.c +++ b/firmware/2lib/2hwcrypto.c @@ -54,7 +54,8 @@ vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) shifted_data = buf + rem_size; vb2_sha256_transform_hwcrypto(vb2_sha_ctx.block, 1); - vb2_sha256_transform_hwcrypto(shifted_data, remaining_blocks); + if (remaining_blocks) + vb2_sha256_transform_hwcrypto(shifted_data, remaining_blocks); rem_size = new_size % VB2_SHA256_BLOCK_SIZE; diff --git a/firmware/2lib/2sha256_arm.c b/firmware/2lib/2sha256_arm.c index 556cd5c1..84d1f779 100644 --- a/firmware/2lib/2sha256_arm.c +++ b/firmware/2lib/2sha256_arm.c @@ -17,5 +17,6 @@ int sha256_ce_transform(uint32_t *state, const unsigned char *buf, int blocks); void vb2_sha256_transform_hwcrypto(const uint8_t *message, unsigned int block_nb) { - sha256_ce_transform(vb2_sha_ctx.h, message, block_nb); + if (block_nb) + sha256_ce_transform(vb2_sha_ctx.h, message, block_nb); } -- cgit v1.2.1
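Review bot: In firmware/2lib/2hwcrypto.c, the new `if (remaining_blocks)` check in vb2ex_hwcrypto_digest_extend duplicates the `if (block_nb)` check this same patch adds inside vb2_sha256_transform_hwcrypto, so a zero count is now filtered twice on this path. Keep the callee check as the single enforcement point and drop this one, or keep both and add a short comment saying the caller check only skips a no-op call. The TEST= line covers flashing an image only; a unit test that feeds vb2ex_hwcrypto_digest_extend a buffer of exactly VB2_SHA256_BLOCK_SIZE bytes would pin the boundary case the commit message describes.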
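Review bot: In firmware/2lib/2sha256_arm.c, the `if (block_nb)` check in vb2_sha256_transform_hwcrypto handles zero only, while block_nb is `unsigned int` and sha256_ce_transform is declared with `int blocks`, so a count above INT_MAX is still converted implicitly at the call. Consider rejecting counts that do not fit in int, or aligning the two types. Also add a comment above the check stating that the assembly routine must be called with at least one block, since the function returns void and the skipped call is otherwise silent to the caller.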