From: Jeenu Viswambharan Date: Fri, 7 Feb 2014 15:53:18 +0000 (+0000) Subject: Add exception vector guards X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=a7934d69508872919787742c7680b68807c24361;p=project%2Fbcm63xx%2Fatf.git Add exception vector guards This patch adds guards so that an exception vector exceeding 32 instructions will generate a compile-time error. This keeps the exception handlers in check from spilling over. Change-Id: I7aa56dd0071a333664e2814c656d3896032046fe --- diff --git a/bl1/aarch64/early_exceptions.S b/bl1/aarch64/early_exceptions.S index 84bdae16..d06e8543 100644 --- a/bl1/aarch64/early_exceptions.S +++ b/bl1/aarch64/early_exceptions.S @@ -33,6 +33,7 @@ #include #include #include +#include .globl early_exceptions .weak display_boot_progress @@ -55,24 +56,28 @@ SynchronousExceptionSP0: mov x0, #SYNC_EXCEPTION_SP_EL0 bl plat_report_exception b SynchronousExceptionSP0 + check_vector_size SynchronousExceptionSP0 .align 7 IrqSP0: mov x0, #IRQ_SP_EL0 bl plat_report_exception b IrqSP0 + check_vector_size IrqSP0 .align 7 FiqSP0: mov x0, #FIQ_SP_EL0 bl plat_report_exception b FiqSP0 + check_vector_size FiqSP0 .align 7 SErrorSP0: mov x0, #SERROR_SP_EL0 bl plat_report_exception b SErrorSP0 + check_vector_size SErrorSP0 /* ----------------------------------------------------- * Current EL with SPx: 0x200 - 0x380 @@ -83,24 +88,28 @@ SynchronousExceptionSPx: mov x0, #SYNC_EXCEPTION_SP_ELX bl plat_report_exception b SynchronousExceptionSPx + check_vector_size SynchronousExceptionSPx .align 7 IrqSPx: mov x0, #IRQ_SP_ELX bl plat_report_exception b IrqSPx + check_vector_size IrqSPx .align 7 FiqSPx: mov x0, #FIQ_SP_ELX bl plat_report_exception b FiqSPx + check_vector_size FiqSPx .align 7 SErrorSPx: mov x0, #SERROR_SP_ELX bl plat_report_exception b SErrorSPx + check_vector_size SErrorSPx /* ----------------------------------------------------- * Lower EL using AArch64 : 0x400 - 0x580 @@ -115,24 +124,28 @@ SynchronousExceptionA64: * --------------------------------------------- */ b process_exception + check_vector_size SynchronousExceptionA64 .align 7 IrqA64: mov x0, #IRQ_AARCH64 bl plat_report_exception b IrqA64 + check_vector_size IrqA64 .align 7 FiqA64: mov x0, #FIQ_AARCH64 bl plat_report_exception b FiqA64 + check_vector_size FiqA64 .align 7 SErrorA64: mov x0, #SERROR_AARCH64 bl plat_report_exception b SErrorA64 + check_vector_size SErrorA64 /* ----------------------------------------------------- * Lower EL using AArch32 : 0x0 - 0x180 @@ -143,24 +156,28 @@ SynchronousExceptionA32: mov x0, #SYNC_EXCEPTION_AARCH32 bl plat_report_exception b SynchronousExceptionA32 + check_vector_size SynchronousExceptionA32 .align 7 IrqA32: mov x0, #IRQ_AARCH32 bl plat_report_exception b IrqA32 + check_vector_size IrqA32 .align 7 FiqA32: mov x0, #FIQ_AARCH32 bl plat_report_exception b FiqA32 + check_vector_size FiqA32 .align 7 SErrorA32: mov x0, #SERROR_AARCH32 bl plat_report_exception b SErrorA32 + check_vector_size SErrorA32 .align 7 diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S index 10e65dc8..870c2742 100644 --- a/bl31/aarch64/runtime_exceptions.S +++ b/bl31/aarch64/runtime_exceptions.S @@ -32,6 +32,7 @@ #include #include #include +#include "asm_macros.S" #include "cm_macros.S" .globl runtime_exceptions @@ -53,6 +54,7 @@ sync_exception_sp_el0: */ wfi b sync_exception_sp_el0 + check_vector_size sync_exception_sp_el0 .align 7 /* ----------------------------------------------------- @@ -63,16 +65,19 @@ sync_exception_sp_el0: irq_sp_el0: handle_async_exception IRQ_SP_EL0 b irq_sp_el0 + check_vector_size irq_sp_el0 .align 7 fiq_sp_el0: handle_async_exception FIQ_SP_EL0 b fiq_sp_el0 + check_vector_size fiq_sp_el0 .align 7 serror_sp_el0: handle_async_exception SERROR_SP_EL0 b serror_sp_el0 + check_vector_size serror_sp_el0 /* ----------------------------------------------------- * Current EL with SPx: 0x200 - 0x380 @@ -93,6 +98,7 @@ sync_exception_sp_elx: */ wfi b sync_exception_sp_elx + check_vector_size sync_exception_sp_elx /* ----------------------------------------------------- * As mentioned in the previous comment, all bets are @@ -103,12 +109,17 @@ sync_exception_sp_elx: .align 7 irq_sp_elx: b irq_sp_elx + check_vector_size irq_sp_elx + .align 7 fiq_sp_elx: b fiq_sp_elx + check_vector_size fiq_sp_elx + .align 7 serror_sp_elx: b serror_sp_elx + check_vector_size serror_sp_elx /* ----------------------------------------------------- * Lower EL using AArch64 : 0x400 - 0x580 @@ -125,6 +136,7 @@ sync_exception_aarch64: * ----------------------------------------------------- */ handle_sync_exception + check_vector_size sync_exception_aarch64 .align 7 /* ----------------------------------------------------- @@ -135,16 +147,19 @@ sync_exception_aarch64: irq_aarch64: handle_async_exception IRQ_AARCH64 b irq_aarch64 + check_vector_size irq_aarch64 .align 7 fiq_aarch64: handle_async_exception FIQ_AARCH64 b fiq_aarch64 + check_vector_size fiq_aarch64 .align 7 serror_aarch64: handle_async_exception SERROR_AARCH64 b serror_aarch64 + check_vector_size serror_aarch64 /* ----------------------------------------------------- * Lower EL using AArch32 : 0x600 - 0x780 @@ -161,6 +176,7 @@ sync_exception_aarch32: * ----------------------------------------------------- */ handle_sync_exception + check_vector_size sync_exception_aarch32 .align 7 /* ----------------------------------------------------- @@ -171,16 +187,20 @@ sync_exception_aarch32: irq_aarch32: handle_async_exception IRQ_AARCH32 b irq_aarch32 + check_vector_size irq_aarch32 .align 7 fiq_aarch32: handle_async_exception FIQ_AARCH32 b fiq_aarch32 + check_vector_size fiq_aarch32 .align 7 serror_aarch32: handle_async_exception SERROR_AARCH32 b serror_aarch32 + check_vector_size serror_aarch32 + .align 7 .section .text, "ax" diff --git a/include/asm_macros.S b/include/asm_macros.S index decef0b9..f94d75fe 100644 --- a/include/asm_macros.S +++ b/include/asm_macros.S @@ -68,3 +68,15 @@ ubfx \end_level, \clidr, \shift, \fw lsl \end_level, \end_level, \ls .endm + + /* + * This macro verifies that the a given vector doesn't exceed the + * architectural limit of 32 instructions. This is meant to be placed + * immedately after the last instruction in the vector. It takes the + * vector entry as the parameter + */ + .macro check_vector_size since + .if (. - \since) > (32 * 4) + .error "Vector exceeds 32 instructions" + .endif + .endm