RAS: Validate stack pointer after error handling

RAS handling flows might involve using setjmp/longjump calls introduced
in earlier patches; therefore, it'd be good to make sure the stack has
been unwound completely after the handling.

This patch inserts ASM assertions on the RAS handling path to validate
stack.

Change-Id: I59d40d3122010c977cdeab3cce3160f3909e7e69
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index dce1f5ab7eccecd3028a0f9b1ecdee97fcd5f912..d18f9e5758cb35f5cdecb53a0ba4be8f32337b8a 100644 (file)
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -6,6 +6,7 @@
 
 
 #include <asm_macros.S>
+#include <assert_macros.S>
 #include <context.h>
 #include <ea_handle.h>
 
@@ -143,9 +144,24 @@ func ea_proceed
        mov     sp, x5
 
        mov     x29, x30
+#if ENABLE_ASSERTIONS
+       /* Stash the stack pointer */
+       mov     x28, sp
+#endif
        bl      plat_ea_handler
        mov     x30, x29
 
+#if ENABLE_ASSERTIONS
+       /*
+        * Error handling flows might involve long jumps; so upon returning from
+        * the platform error handler, validate that the we've completely
+        * unwound the stack.
+        */
+       mov     x27, sp
+       cmp     x28, x27
+       ASM_ASSERT(eq)
+#endif
+
        /* Make SP point to context */
        msr     spsel, #1