[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 09/20] target/arm: Check for xPSR mismatch usage faul
From: |
Peter Maydell |
Subject: |
[Qemu-devel] [PULL 09/20] target/arm: Check for xPSR mismatch usage faults earlier for v8M |
Date: |
Fri, 6 Oct 2017 16:59:34 +0100 |
ARM v8M specifies that the INVPC usage fault for mismatched
xPSR exception field and handler mode bit should be checked
before updating the PSR and SP, so that the fault is taken
with the existing stack frame rather than by pushing a new one.
Perform this check in the right place for v8M.
Since v7M specifies in its pseudocode that this usage fault
check should happen later, we have to retain the original
code for that check rather than being able to merge the two.
(The distinction is architecturally visible but only in
very obscure corner cases like attempting an invalid exception
return with an exception frame in read only memory.)
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden
---
target/arm/helper.c | 30 +++++++++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 1bab86c..bee0f5d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6436,6 +6436,29 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
}
xpsr = ldl_phys(cs->as, frameptr + 0x1c);
+ if (arm_feature(env, ARM_FEATURE_V8)) {
+ /* For v8M we have to check whether the xPSR exception field
+ * matches the EXCRET value for return to handler/thread
+ * before we commit to changing the SP and xPSR.
+ */
+ bool will_be_handler = (xpsr & XPSR_EXCP) != 0;
+ if (return_to_handler != will_be_handler) {
+ /* Take an INVPC UsageFault on the current stack.
+ * By this point we will have switched to the security state
+ * for the background state, so this UsageFault will target
+ * that state.
+ */
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,
+ env->v7m.secure);
+ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
+ v7m_exception_taken(cpu, excret);
+ qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
+ "stackframe: failed exception return integrity "
+ "check\n");
+ return;
+ }
+ }
+
/* Commit to consuming the stack frame */
frameptr += 0x20;
/* Undo stack alignment (the SPREALIGN bit indicates that the original
@@ -6455,12 +6478,13 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
/* The restored xPSR exception field will be zero if we're
* resuming in Thread mode. If that doesn't match what the
* exception return excret specified then this is a UsageFault.
+ * v7M requires we make this check here; v8M did it earlier.
*/
if (return_to_handler != arm_v7m_is_handler_mode(env)) {
- /* Take an INVPC UsageFault by pushing the stack again.
- * TODO: the v8M version of this code should target the
- * background state for this exception.
+ /* Take an INVPC UsageFault by pushing the stack again;
+ * we know we're v7M so this is never a Secure UsageFault.
*/
+ assert(!arm_feature(env, ARM_FEATURE_V8));
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, false);
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
v7m_push_stack(cpu);
--
2.7.4
- [Qemu-devel] [PULL 00/20] target-arm queue, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 13/20] target/arm: Update excret sanity checks for v8M, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 14/20] target/arm: Add support for restoring v8M additional state context, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 16/20] nvic: Implement Security Attribution Unit registers, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 09/20] target/arm: Check for xPSR mismatch usage faults earlier for v8M,
Peter Maydell <=
- [Qemu-devel] [PULL 18/20] target/arm: Fix calculation of secure mm_idx values, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 15/20] target/arm: Add v8M support to exception entry code, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 12/20] target/arm: Add new-in-v8M SFSR and SFAR, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 10/20] target/arm: Warn about restoring to unaligned stack, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 11/20] target/arm: Don't warn about exception return with PC low bit set for v8M, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 08/20] target/arm: Restore SPSEL to correct CONTROL register on exception return, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 03/20] hw/arm/xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 04/20] nvic: Clear the vector arrays and prigroup on reset, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 20/20] nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit, Peter Maydell, 2017/10/06
- [Qemu-devel] [PULL 02/20] hw/sd: fix out-of-bounds check for multi block reads, Peter Maydell, 2017/10/06