fix(smccc): check smc_fid [23:17] bits

As per SMCCC spec Table 2.1 bit 23:17 must be zero (MBZ),
for all Fast Calls, when bit[31] == 1.
Adding this check to ensure SMC FIDs when get to the SMC handler
have these bits (23:17) cleared, if not capture and report them
as an unknown SMCs at the core.

Also the C runtime stack is copied to the stackpointer well in
advance, to leverage the existing el3_exit routine for unknown SMC.

Change-Id: I9972216db5ac164815011177945fb34dadc871b0
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>

diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 500e87b9a345c89b153297346a4c0c0468107600..2fa9f06c5a53e1e433a71a459894bfcee7e1e835 100644 (file)
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -55,7 +55,7 @@
         * delegated to platform EA handler.
         *
         * Without RAS_EXTENSION, this macro synchronizes pending errors using
-         * a DSB, unmasks Asynchronous External Aborts and saves X30 before
+        * a DSB, unmasks Asynchronous External Aborts and saves X30 before
         * setting the flag CTX_IS_IN_EL3.
         */
        .macro check_and_unmask_ea
@@ -506,6 +506,17 @@ sync_handler64:
        /* Copy SCR_EL3.NS bit to the flag to indicate caller's security */
        bfi     x7, x18, #0, #1
 
+       mov     sp, x12
+
+       /*
+        * Per SMCCC documentation, bits [23:17] must be zero for Fast
+        * SMCs. Other values are reserved for future use. Ensure that
+        * these bits are zeroes, if not report as unknown SMC.
+        */
+       tbz     x0, #FUNCID_TYPE_SHIFT, 2f  /* Skip check if its a Yield Call*/
+       tst     x0, #(FUNCID_FC_RESERVED_MASK << FUNCID_FC_RESERVED_SHIFT)
+       b.ne    smc_unknown
+
        /*
         * Per SMCCCv1.3 a caller can set the SVE hint bit in the SMC FID
         * passed through x0. Copy the SVE hint bit to flags and mask the
@@ -513,11 +524,10 @@ sync_handler64:
         * A service/dispatcher can retrieve the SVE hint bit state from
         * flags using the appropriate helper.
         */
+2:
        bfi     x7, x0, #FUNCID_SVE_HINT_SHIFT, #FUNCID_SVE_HINT_MASK
        bic     x0, x0, #(FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT)
 
-       mov     sp, x12
-
        /* Get the unique owning entity number */
        ubfx    x16, x0, #FUNCID_OEN_SHIFT, #FUNCID_OEN_WIDTH
        ubfx    x15, x0, #FUNCID_TYPE_SHIFT, #FUNCID_TYPE_WIDTH
@@ -584,7 +594,7 @@ smc_unknown:
         * Unknown SMC call. Populate return value with SMC_UNK and call
         * el3_exit() which will restore the remaining architectural state
         * i.e., SYS, GP and PAuth registers(if any) prior to issuing the ERET
-         * to the desired lower EL.
+        * to the desired lower EL.
         */
        mov     x0, #SMC_UNK
        str     x0, [x6, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]

diff --git a/include/lib/smccc.h b/include/lib/smccc.h
index cce91afe25700f133645220de8034301503a94d5..63637d57e8c36803514c5de800aa6f64cae18704 100644 (file)
--- a/include/lib/smccc.h
+++ b/include/lib/smccc.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -37,9 +37,13 @@
 #define FUNCID_OEN_MASK                        U(0x3f)
 #define FUNCID_OEN_WIDTH               U(6)
 
-#define FUNCID_SVE_HINT_SHIFT          U(16)
-#define FUNCID_SVE_HINT_MASK           U(1)
-#define FUNCID_SVE_HINT_WIDTH          U(1)
+#define FUNCID_FC_RESERVED_SHIFT       U(17)
+#define FUNCID_FC_RESERVED_MASK                U(0x7f)
+#define FUNCID_FC_RESERVED_WIDTH       U(7)
+
+#define FUNCID_SVE_HINT_SHIFT          U(16)
+#define FUNCID_SVE_HINT_MASK           U(1)
+#define FUNCID_SVE_HINT_WIDTH          U(1)
 
 #define FUNCID_NUM_SHIFT               U(0)
 #define FUNCID_NUM_MASK                        U(0xffff)