From d435238dc364f0c9f0e41661365f83d83899829d Mon Sep 17 00:00:00 2001
From: Manish Pandey
Date: Tue, 11 Oct 2022 17:28:14 +0100
Subject: [PATCH] fix(bl31): harden check in delegate_async_ea

Following hardening done around ESR_EL3 register usage
- Panic if exception is anyting other than SError
- AET bit is only valid if DFSC is 0x11, move DFSC check before AET.

Signed-off-by: Manish Pandey
Change-Id: Ib15159920f6cad964332fd40f88943aee2bc73b4
---
 bl31/aarch64/ea_delegate.S | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index 5e53ab4b6..dbb32344d 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -195,23 +195,30 @@ endfunc delegate_sync_ea
 */
 func delegate_async_ea
 #if RAS_EXTENSION
+ /* Check Exception Class to ensure SError, as this function should
+ * only be invoked for SError. If that is not the case, which implies
+ * either an HW error or programming error, panic.
+ */
+ ubfx x2, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+ cmp x2, EC_SERROR
+ b.ne do_panic
 /*
 * Check for Implementation Defined Syndrome. If so, skip checking
 * Uncontainable error type from the syndrome as the format is unknown.
 */
 tbnz x1, #SERROR_IDS_BIT, 1f
 
+ /* AET only valid when DFSC is 0x11 */
+ ubfx x2, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
+ cmp x2, #DFSC_SERROR
+ b.ne 1f
+
 /*
 * Check for Uncontainable error type. If so, route to the platform
 * fatal error handler rather than the generic EA one.
 */
- ubfx x2, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH
- cmp x2, #ERROR_STATUS_UET_UC
- b.ne 1f
-
- /* Check DFSC for SError type */
- ubfx x3, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
- cmp x3, #DFSC_SERROR
+ ubfx x3, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH
+ cmp x3, #ERROR_STATUS_UET_UC
 b.ne 1f
 
 no_ret plat_handle_uncontainable_ea
-- 
2.39.5
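Review bot: The new exception-class check is placed after `#if RAS_EXTENSION`, so as far as this hunk shows, a build without RAS_EXTENSION would still delegate a non-SError syndrome without the panic the commit message describes. If the hardening is meant for every configuration, the `ubfx x2, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH` / `cmp` / `b.ne do_panic` sequence belongs above the `#if`. The rest of delegate_async_ea lies outside the hunk, so please confirm whether the non-RAS path has an equivalent guard. Separately, `cmp x2, EC_SERROR` omits the `#` that every other immediate in the hunk carries (compare `cmp x2, #DFSC_SERROR`); `cmp x2, #EC_SERROR` would keep the file consistent. The added comment could also say that x1 is expected to hold the ESR_EL3 syndrome, which the hunk only implies.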