From 43b8fa8e981226418b8d0722ba260a7df63638ab Mon Sep 17 00:00:00 2001
From: Sandrine Bailleux
Date: Mon, 2 Jul 2018 13:01:16 +0200
Subject: [PATCH] Fix incorrect pointer conversion in SMC_UUID_RET()

Casting a pointer to a struct uuid into a pointer to uint32_t may result in a pointer that is not correctly aligned, which constitutes an undefined behaviour. In the case of TF, this also generates a data abort because alignment fault checking is enabled (through the SCTLR.A bit). This patch modifies the SMC_UUID_RET() macro to read the uuid structure without any pointer aliasing. A helper function then combines every set of 4 bytes into a 32-bit value suitable to be returned through the x0-x3 registers. This fixes a violation of MISRA rule 11.3.

Change-Id: I53ee73bb4cb332f4d8286055ceceb6f347caa080
Signed-off-by: Sandrine Bailleux
---
 include/lib/aarch32/smccc_helpers.h | 7 -------
 include/lib/aarch64/smccc_helpers.h | 7 -------
 include/lib/smccc.h | 27 +++++++++++++++++++++++++++
 3 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/include/lib/aarch32/smccc_helpers.h b/include/lib/aarch32/smccc_helpers.h
index 240dd13f..731c26fb 100644
--- a/include/lib/aarch32/smccc_helpers.h
+++ b/include/lib/aarch32/smccc_helpers.h
@@ -129,13 +129,6 @@ CASSERT(SMC_CTX_SIZE == sizeof(smc_ctx_t), assert_smc_ctx_size_mismatch);
 SMC_RET3(_h, (_r0), (_r1), (_r2)); \
 }
-/* Return a UUID in the SMC return registers */
-#define SMC_UUID_RET(_h, _uuid) \
- SMC_RET4(handle, ((const uint32_t *) &(_uuid))[0], \
- ((const uint32_t *) &(_uuid))[1], \
- ((const uint32_t *) &(_uuid))[2], \
- ((const uint32_t *) &(_uuid))[3])
-
 /*
 * Helper macro to retrieve the SMC parameters from smc_ctx_t.
 */
diff --git a/include/lib/aarch64/smccc_helpers.h b/include/lib/aarch64/smccc_helpers.h
index 1b33a0d1..4d9217bc 100644
--- a/include/lib/aarch64/smccc_helpers.h
+++ b/include/lib/aarch64/smccc_helpers.h
@@ -67,13 +67,6 @@
 #define SMC_SET_EL3(_h, _e, _v) \
 write_ctx_reg((get_el3state_ctx(_h)), (_e), (_v))
-/* Return a UUID in the SMC return registers */
-#define SMC_UUID_RET(_h, _uuid) \
- SMC_RET4(handle, ((const uint32_t *) &(_uuid))[0], \
- ((const uint32_t *) &(_uuid))[1], \
- ((const uint32_t *) &(_uuid))[2], \
- ((const uint32_t *) &(_uuid))[3])
-
 /*
 * Helper macro to retrieve the SMC parameters from cpu_context_t.
 */
diff --git a/include/lib/smccc.h b/include/lib/smccc.h
index cb722b0e..a07e510b 100644
--- a/include/lib/smccc.h
+++ b/include/lib/smccc.h
@@ -84,5 +84,32 @@
 { _n0, _n1, _n2, _n3, _n4, _n5 } \
 }
+/*
+ * Return a UUID in the SMC return registers.
+ *
+ * Acccording to section 5.3 of the SMCCC, UUIDs are returned as a single
+ * 128-bit value using the SMC32 calling convention. This value is mapped to
+ * argument registers x0-x3 on AArch64 (resp. r0-r3 on AArch32). x0 for example
+ * shall hold bytes 0 to 3, with byte 0 in the low-order bits.
+ */
+static inline uint32_t smc_uuid_word(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3)
+{
+ return ((uint32_t) b0) | (((uint32_t) b1) << 8) |
+ (((uint32_t) b2) << 16) | (((uint32_t) b3) << 24);
+}
+
+#define SMC_UUID_RET(_h, _uuid) \
+ SMC_RET4(handle, \
+ smc_uuid_word((_uuid).time_low[0], (_uuid).time_low[1], \
+ (_uuid).time_low[2], (_uuid).time_low[3]), \
+ smc_uuid_word((_uuid).time_mid[0], (_uuid).time_mid[1], \
+ (_uuid).time_hi_and_version[0], \
+ (_uuid).time_hi_and_version[1]), \
+ smc_uuid_word((_uuid).clock_seq_hi_and_reserved, \
+ (_uuid).clock_seq_low, (_uuid).node[0], \
+ (_uuid).node[1]), \
+ smc_uuid_word((_uuid).node[2], (_uuid).node[3], \
+ (_uuid).node[4], (_uuid).node[5]))
+
 #endif /*__ASSEMBLY__*/
 #endif /* __SMCCC_H__ */
-- 
2.30.2
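Review bot: The new `SMC_UUID_RET(_h, _uuid)` in include/lib/smccc.h still passes the literal `handle` to `SMC_RET4` rather than its `_h` parameter, so the macro ignores the context pointer it is given and only builds where the caller has a variable named `handle` in scope; the first line of the expansion should read `SMC_RET4(_h, \`. The two removed per-architecture copies had the same wording, so this looks carried over rather than intended. The macro also expands `_uuid` sixteen times, so the header comment should state that the argument must be a side-effect-free expression. In the same comment, `Acccording` should be `According`.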