From f8a35797b919d8ea041480bd5eb2a334e7056e0b Mon Sep 17 00:00:00 2001 From: Jayanth Dodderi Chidanand Date: Thu, 9 Mar 2023 13:56:03 +0000 Subject: [PATCH] fix(smccc): check smc_fid [23:17] bits As per SMCCC spec Table 2.1 bit 23:17 must be zero (MBZ), for all Fast Calls, when bit[31] == 1. Adding this check to ensure SMC FIDs when get to the SMC handler have these bits (23:17) cleared, if not capture and report them as an unknown SMCs at the core. Also the C runtime stack is copied to the stackpointer well in advance, to leverage the existing el3_exit routine for unknown SMC. Change-Id: I9972216db5ac164815011177945fb34dadc871b0 Signed-off-by: Jayanth Dodderi Chidanand --- bl31/aarch64/runtime_exceptions.S | 18 ++++++++++++++---- include/lib/smccc.h | 12 ++++++++---- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S index 500e87b9a..2fa9f06c5 100644 --- a/bl31/aarch64/runtime_exceptions.S +++ b/bl31/aarch64/runtime_exceptions.S @@ -55,7 +55,7 @@ * delegated to platform EA handler. * * Without RAS_EXTENSION, this macro synchronizes pending errors using - * a DSB, unmasks Asynchronous External Aborts and saves X30 before + * a DSB, unmasks Asynchronous External Aborts and saves X30 before * setting the flag CTX_IS_IN_EL3. */ .macro check_and_unmask_ea @@ -506,6 +506,17 @@ sync_handler64: /* Copy SCR_EL3.NS bit to the flag to indicate caller's security */ bfi x7, x18, #0, #1 + mov sp, x12 + + /* + * Per SMCCC documentation, bits [23:17] must be zero for Fast + * SMCs. Other values are reserved for future use. Ensure that + * these bits are zeroes, if not report as unknown SMC. + */ + tbz x0, #FUNCID_TYPE_SHIFT, 2f /* Skip check if its a Yield Call*/ + tst x0, #(FUNCID_FC_RESERVED_MASK << FUNCID_FC_RESERVED_SHIFT) + b.ne smc_unknown + /* * Per SMCCCv1.3 a caller can set the SVE hint bit in the SMC FID * passed through x0. Copy the SVE hint bit to flags and mask the @@ -513,11 +524,10 @@ sync_handler64: * A service/dispatcher can retrieve the SVE hint bit state from * flags using the appropriate helper. */ +2: bfi x7, x0, #FUNCID_SVE_HINT_SHIFT, #FUNCID_SVE_HINT_MASK bic x0, x0, #(FUNCID_SVE_HINT_MASK << FUNCID_SVE_HINT_SHIFT) - mov sp, x12 - /* Get the unique owning entity number */ ubfx x16, x0, #FUNCID_OEN_SHIFT, #FUNCID_OEN_WIDTH ubfx x15, x0, #FUNCID_TYPE_SHIFT, #FUNCID_TYPE_WIDTH @@ -584,7 +594,7 @@ smc_unknown: * Unknown SMC call. Populate return value with SMC_UNK and call * el3_exit() which will restore the remaining architectural state * i.e., SYS, GP and PAuth registers(if any) prior to issuing the ERET - * to the desired lower EL. + * to the desired lower EL. */ mov x0, #SMC_UNK str x0, [x6, #CTX_GPREGS_OFFSET + CTX_GPREG_X0] diff --git a/include/lib/smccc.h b/include/lib/smccc.h index cce91afe2..63637d57e 100644 --- a/include/lib/smccc.h +++ b/include/lib/smccc.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -37,9 +37,13 @@ #define FUNCID_OEN_MASK U(0x3f) #define FUNCID_OEN_WIDTH U(6) -#define FUNCID_SVE_HINT_SHIFT U(16) -#define FUNCID_SVE_HINT_MASK U(1) -#define FUNCID_SVE_HINT_WIDTH U(1) +#define FUNCID_FC_RESERVED_SHIFT U(17) +#define FUNCID_FC_RESERVED_MASK U(0x7f) +#define FUNCID_FC_RESERVED_WIDTH U(7) + +#define FUNCID_SVE_HINT_SHIFT U(16) +#define FUNCID_SVE_HINT_MASK U(1) +#define FUNCID_SVE_HINT_WIDTH U(1) #define FUNCID_NUM_SHIFT U(0) #define FUNCID_NUM_MASK U(0xffff) -- 2.39.5