ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

target/arm: Allow for floating point in callee stack integrity check 

The magic value pushed onto the callee stack as an integrity
check is different if floating point is present.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190416125744.27770-15-peter.maydell@linaro.org
This commit is contained in:
Peter Maydell 2019-04-29 17:36:00 +01:00
parent 60fba59a2f
commit 0dc51d66fc
1 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
target/arm/helper.c
View File

@ -7979,6 +7979,21 @@ load_fail:
return false; return false;
} }
static uint32_t v7m_integrity_sig(CPUARMState *env, uint32_t lr)
{
/*
* Return the integrity signature value for the callee-saves
* stack frame section. @lr is the exception return payload/LR value
* whose FType bit forms bit 0 of the signature if FP is present.
*/
uint32_t sig = 0xfefa125a;
if (!arm_feature(env, ARM_FEATURE_VFP) || (lr & R_V7M_EXCRET_FTYPE_MASK)) {
sig |= 1;
}
return sig;
}
static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain, static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
bool ignore_faults) bool ignore_faults)
{ {
@ -7993,6 +8008,7 @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
bool stacked_ok; bool stacked_ok;
uint32_t limit; uint32_t limit;
bool want_psp; bool want_psp;
uint32_t sig;
if (dotailchain) { if (dotailchain) {
bool mode = lr & R_V7M_EXCRET_MODE_MASK; bool mode = lr & R_V7M_EXCRET_MODE_MASK;
@ -8034,8 +8050,9 @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
/* Write as much of the stack frame as we can. A write failure may /* Write as much of the stack frame as we can. A write failure may
* cause us to pend a derived exception. * cause us to pend a derived exception.
*/ */
sig = v7m_integrity_sig(env, lr);
stacked_ok = stacked_ok =
v7m_stack_write(cpu, frameptr, 0xfefa125b, mmu_idx, ignore_faults) && v7m_stack_write(cpu, frameptr, sig, mmu_idx, ignore_faults) &&
v7m_stack_write(cpu, frameptr + 0x8, env->regs[4], mmu_idx, v7m_stack_write(cpu, frameptr + 0x8, env->regs[4], mmu_idx,
ignore_faults) && ignore_faults) &&
v7m_stack_write(cpu, frameptr + 0xc, env->regs[5], mmu_idx, v7m_stack_write(cpu, frameptr + 0xc, env->regs[5], mmu_idx,
@ -8640,12 +8657,11 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
if (return_to_secure && if (return_to_secure &&
((excret & R_V7M_EXCRET_ES_MASK) == 0 || ((excret & R_V7M_EXCRET_ES_MASK) == 0 ||
(excret & R_V7M_EXCRET_DCRS_MASK) == 0)) { (excret & R_V7M_EXCRET_DCRS_MASK) == 0)) {
uint32_t expected_sig = 0xfefa125b;
uint32_t actual_sig; uint32_t actual_sig;
pop_ok = v7m_stack_read(cpu, &actual_sig, frameptr, mmu_idx); pop_ok = v7m_stack_read(cpu, &actual_sig, frameptr, mmu_idx);
if (pop_ok && expected_sig != actual_sig) { if (pop_ok && v7m_integrity_sig(env, excret) != actual_sig) {
/* Take a SecureFault on the current stack */ /* Take a SecureFault on the current stack */
env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK; env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK;
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);