2016-01-04 21:37:32 +07:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2015, Linaro Limited
|
|
|
|
*
|
|
|
|
* This software is licensed under the terms of the GNU General Public
|
|
|
|
* License version 2, as published by the Free Software Foundation, and
|
|
|
|
* may be copied, distributed, and modified under those terms.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
#ifndef __LINUX_ARM_SMCCC_H
|
|
|
|
#define __LINUX_ARM_SMCCC_H
|
|
|
|
|
2018-02-07 00:56:18 +07:00
|
|
|
#include <uapi/linux/const.h>
|
|
|
|
|
2016-01-04 21:37:32 +07:00
|
|
|
/*
|
|
|
|
* This file provides common defines for ARM SMC Calling Convention as
|
|
|
|
* specified in
|
|
|
|
* http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html
|
|
|
|
*/
|
|
|
|
|
2018-02-07 00:56:18 +07:00
|
|
|
#define ARM_SMCCC_STD_CALL _AC(0,U)
|
|
|
|
#define ARM_SMCCC_FAST_CALL _AC(1,U)
|
2016-01-04 21:37:32 +07:00
|
|
|
#define ARM_SMCCC_TYPE_SHIFT 31
|
|
|
|
|
|
|
|
#define ARM_SMCCC_SMC_32 0
|
|
|
|
#define ARM_SMCCC_SMC_64 1
|
|
|
|
#define ARM_SMCCC_CALL_CONV_SHIFT 30
|
|
|
|
|
|
|
|
#define ARM_SMCCC_OWNER_MASK 0x3F
|
|
|
|
#define ARM_SMCCC_OWNER_SHIFT 24
|
|
|
|
|
|
|
|
#define ARM_SMCCC_FUNC_MASK 0xFFFF
|
|
|
|
|
|
|
|
#define ARM_SMCCC_IS_FAST_CALL(smc_val) \
|
|
|
|
((smc_val) & (ARM_SMCCC_FAST_CALL << ARM_SMCCC_TYPE_SHIFT))
|
|
|
|
#define ARM_SMCCC_IS_64(smc_val) \
|
|
|
|
((smc_val) & (ARM_SMCCC_SMC_64 << ARM_SMCCC_CALL_CONV_SHIFT))
|
|
|
|
#define ARM_SMCCC_FUNC_NUM(smc_val) ((smc_val) & ARM_SMCCC_FUNC_MASK)
|
|
|
|
#define ARM_SMCCC_OWNER_NUM(smc_val) \
|
|
|
|
(((smc_val) >> ARM_SMCCC_OWNER_SHIFT) & ARM_SMCCC_OWNER_MASK)
|
|
|
|
|
|
|
|
#define ARM_SMCCC_CALL_VAL(type, calling_convention, owner, func_num) \
|
|
|
|
(((type) << ARM_SMCCC_TYPE_SHIFT) | \
|
|
|
|
((calling_convention) << ARM_SMCCC_CALL_CONV_SHIFT) | \
|
|
|
|
(((owner) & ARM_SMCCC_OWNER_MASK) << ARM_SMCCC_OWNER_SHIFT) | \
|
|
|
|
((func_num) & ARM_SMCCC_FUNC_MASK))
|
|
|
|
|
|
|
|
#define ARM_SMCCC_OWNER_ARCH 0
|
|
|
|
#define ARM_SMCCC_OWNER_CPU 1
|
|
|
|
#define ARM_SMCCC_OWNER_SIP 2
|
|
|
|
#define ARM_SMCCC_OWNER_OEM 3
|
|
|
|
#define ARM_SMCCC_OWNER_STANDARD 4
|
|
|
|
#define ARM_SMCCC_OWNER_TRUSTED_APP 48
|
|
|
|
#define ARM_SMCCC_OWNER_TRUSTED_APP_END 49
|
|
|
|
#define ARM_SMCCC_OWNER_TRUSTED_OS 50
|
|
|
|
#define ARM_SMCCC_OWNER_TRUSTED_OS_END 63
|
|
|
|
|
2017-02-02 00:28:28 +07:00
|
|
|
#define ARM_SMCCC_QUIRK_NONE 0
|
|
|
|
#define ARM_SMCCC_QUIRK_QCOM_A6 1 /* Save/restore register a6 */
|
|
|
|
|
2018-02-07 00:56:12 +07:00
|
|
|
#define ARM_SMCCC_VERSION_1_0 0x10000
|
|
|
|
#define ARM_SMCCC_VERSION_1_1 0x10001
|
|
|
|
|
|
|
|
#define ARM_SMCCC_VERSION_FUNC_ID \
|
|
|
|
ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
|
|
|
|
ARM_SMCCC_SMC_32, \
|
|
|
|
0, 0)
|
|
|
|
|
|
|
|
#define ARM_SMCCC_ARCH_FEATURES_FUNC_ID \
|
|
|
|
ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
|
|
|
|
ARM_SMCCC_SMC_32, \
|
|
|
|
0, 1)
|
|
|
|
|
2018-02-07 00:56:14 +07:00
|
|
|
#define ARM_SMCCC_ARCH_WORKAROUND_1 \
|
|
|
|
ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
|
|
|
|
ARM_SMCCC_SMC_32, \
|
|
|
|
0, 0x8000)
|
|
|
|
|
2018-05-29 19:11:06 +07:00
|
|
|
#define ARM_SMCCC_ARCH_WORKAROUND_2 \
|
|
|
|
ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
|
|
|
|
ARM_SMCCC_SMC_32, \
|
|
|
|
0, 0x7fff)
|
|
|
|
|
2017-02-02 00:28:28 +07:00
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
|
|
|
|
#include <linux/linkage.h>
|
|
|
|
#include <linux/types.h>
|
2016-01-04 21:37:32 +07:00
|
|
|
/**
|
|
|
|
* struct arm_smccc_res - Result from SMC/HVC call
|
|
|
|
* @a0-a3 result values from registers 0 to 3
|
|
|
|
*/
|
|
|
|
struct arm_smccc_res {
|
|
|
|
unsigned long a0;
|
|
|
|
unsigned long a1;
|
|
|
|
unsigned long a2;
|
|
|
|
unsigned long a3;
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
2017-02-02 00:28:27 +07:00
|
|
|
* struct arm_smccc_quirk - Contains quirk information
|
|
|
|
* @id: quirk identification
|
|
|
|
* @state: quirk specific information
|
|
|
|
* @a6: Qualcomm quirk entry for returning post-smc call contents of a6
|
|
|
|
*/
|
|
|
|
struct arm_smccc_quirk {
|
|
|
|
int id;
|
|
|
|
union {
|
|
|
|
unsigned long a6;
|
|
|
|
} state;
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* __arm_smccc_smc() - make SMC calls
|
2016-01-04 21:37:32 +07:00
|
|
|
* @a0-a7: arguments passed in registers 0 to 7
|
|
|
|
* @res: result values from registers 0 to 3
|
2017-02-02 00:28:27 +07:00
|
|
|
* @quirk: points to an arm_smccc_quirk, or NULL when no quirks are required.
|
2016-01-04 21:37:32 +07:00
|
|
|
*
|
|
|
|
* This function is used to make SMC calls following SMC Calling Convention.
|
|
|
|
* The content of the supplied param are copied to registers 0 to 7 prior
|
|
|
|
* to the SMC instruction. The return values are updated with the content
|
2017-02-02 00:28:27 +07:00
|
|
|
* from register 0 to 3 on return from the SMC instruction. An optional
|
|
|
|
* quirk structure provides vendor specific behavior.
|
2016-01-04 21:37:32 +07:00
|
|
|
*/
|
2017-02-02 00:28:27 +07:00
|
|
|
asmlinkage void __arm_smccc_smc(unsigned long a0, unsigned long a1,
|
2016-01-04 21:37:32 +07:00
|
|
|
unsigned long a2, unsigned long a3, unsigned long a4,
|
|
|
|
unsigned long a5, unsigned long a6, unsigned long a7,
|
2017-02-02 00:28:27 +07:00
|
|
|
struct arm_smccc_res *res, struct arm_smccc_quirk *quirk);
|
2016-01-04 21:37:32 +07:00
|
|
|
|
|
|
|
/**
|
2017-02-02 00:28:27 +07:00
|
|
|
* __arm_smccc_hvc() - make HVC calls
|
2016-01-04 21:37:32 +07:00
|
|
|
* @a0-a7: arguments passed in registers 0 to 7
|
|
|
|
* @res: result values from registers 0 to 3
|
2017-02-08 21:54:12 +07:00
|
|
|
* @quirk: points to an arm_smccc_quirk, or NULL when no quirks are required.
|
2016-01-04 21:37:32 +07:00
|
|
|
*
|
|
|
|
* This function is used to make HVC calls following SMC Calling
|
|
|
|
* Convention. The content of the supplied param are copied to registers 0
|
|
|
|
* to 7 prior to the HVC instruction. The return values are updated with
|
2017-02-02 00:28:27 +07:00
|
|
|
* the content from register 0 to 3 on return from the HVC instruction. An
|
|
|
|
* optional quirk structure provides vendor specific behavior.
|
2016-01-04 21:37:32 +07:00
|
|
|
*/
|
2017-02-02 00:28:27 +07:00
|
|
|
asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1,
|
2016-01-04 21:37:32 +07:00
|
|
|
unsigned long a2, unsigned long a3, unsigned long a4,
|
|
|
|
unsigned long a5, unsigned long a6, unsigned long a7,
|
2017-02-02 00:28:27 +07:00
|
|
|
struct arm_smccc_res *res, struct arm_smccc_quirk *quirk);
|
|
|
|
|
|
|
|
#define arm_smccc_smc(...) __arm_smccc_smc(__VA_ARGS__, NULL)
|
|
|
|
|
|
|
|
#define arm_smccc_smc_quirk(...) __arm_smccc_smc(__VA_ARGS__)
|
|
|
|
|
|
|
|
#define arm_smccc_hvc(...) __arm_smccc_hvc(__VA_ARGS__, NULL)
|
|
|
|
|
|
|
|
#define arm_smccc_hvc_quirk(...) __arm_smccc_hvc(__VA_ARGS__)
|
2016-01-04 21:37:32 +07:00
|
|
|
|
2018-02-07 00:56:19 +07:00
|
|
|
/* SMCCC v1.1 implementation madness follows */
|
|
|
|
#ifdef CONFIG_ARM64
|
|
|
|
|
|
|
|
#define SMCCC_SMC_INST "smc #0"
|
|
|
|
#define SMCCC_HVC_INST "hvc #0"
|
|
|
|
|
|
|
|
#elif defined(CONFIG_ARM)
|
|
|
|
#include <asm/opcodes-sec.h>
|
|
|
|
#include <asm/opcodes-virt.h>
|
|
|
|
|
|
|
|
#define SMCCC_SMC_INST __SMC(0)
|
|
|
|
#define SMCCC_HVC_INST __HVC(0)
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#define ___count_args(_0, _1, _2, _3, _4, _5, _6, _7, _8, x, ...) x
|
|
|
|
|
|
|
|
#define __count_args(...) \
|
|
|
|
___count_args(__VA_ARGS__, 7, 6, 5, 4, 3, 2, 1, 0)
|
|
|
|
|
|
|
|
#define __constraint_write_0 \
|
|
|
|
"+r" (r0), "=&r" (r1), "=&r" (r2), "=&r" (r3)
|
|
|
|
#define __constraint_write_1 \
|
|
|
|
"+r" (r0), "+r" (r1), "=&r" (r2), "=&r" (r3)
|
|
|
|
#define __constraint_write_2 \
|
|
|
|
"+r" (r0), "+r" (r1), "+r" (r2), "=&r" (r3)
|
|
|
|
#define __constraint_write_3 \
|
|
|
|
"+r" (r0), "+r" (r1), "+r" (r2), "+r" (r3)
|
|
|
|
#define __constraint_write_4 __constraint_write_3
|
|
|
|
#define __constraint_write_5 __constraint_write_4
|
|
|
|
#define __constraint_write_6 __constraint_write_5
|
|
|
|
#define __constraint_write_7 __constraint_write_6
|
|
|
|
|
|
|
|
#define __constraint_read_0
|
|
|
|
#define __constraint_read_1
|
|
|
|
#define __constraint_read_2
|
|
|
|
#define __constraint_read_3
|
|
|
|
#define __constraint_read_4 "r" (r4)
|
|
|
|
#define __constraint_read_5 __constraint_read_4, "r" (r5)
|
|
|
|
#define __constraint_read_6 __constraint_read_5, "r" (r6)
|
|
|
|
#define __constraint_read_7 __constraint_read_6, "r" (r7)
|
|
|
|
|
|
|
|
#define __declare_arg_0(a0, res) \
|
|
|
|
struct arm_smccc_res *___res = res; \
|
2018-08-24 21:08:29 +07:00
|
|
|
register unsigned long r0 asm("r0") = (u32)a0; \
|
2018-02-07 00:56:19 +07:00
|
|
|
register unsigned long r1 asm("r1"); \
|
|
|
|
register unsigned long r2 asm("r2"); \
|
|
|
|
register unsigned long r3 asm("r3")
|
|
|
|
|
|
|
|
#define __declare_arg_1(a0, a1, res) \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
typeof(a1) __a1 = a1; \
|
2018-02-07 00:56:19 +07:00
|
|
|
struct arm_smccc_res *___res = res; \
|
2018-08-24 21:08:29 +07:00
|
|
|
register unsigned long r0 asm("r0") = (u32)a0; \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
register unsigned long r1 asm("r1") = __a1; \
|
2018-02-07 00:56:19 +07:00
|
|
|
register unsigned long r2 asm("r2"); \
|
|
|
|
register unsigned long r3 asm("r3")
|
|
|
|
|
|
|
|
#define __declare_arg_2(a0, a1, a2, res) \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
typeof(a1) __a1 = a1; \
|
|
|
|
typeof(a2) __a2 = a2; \
|
2018-02-07 00:56:19 +07:00
|
|
|
struct arm_smccc_res *___res = res; \
|
2018-08-24 21:08:29 +07:00
|
|
|
register unsigned long r0 asm("r0") = (u32)a0; \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
register unsigned long r1 asm("r1") = __a1; \
|
|
|
|
register unsigned long r2 asm("r2") = __a2; \
|
2018-02-07 00:56:19 +07:00
|
|
|
register unsigned long r3 asm("r3")
|
|
|
|
|
|
|
|
#define __declare_arg_3(a0, a1, a2, a3, res) \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
typeof(a1) __a1 = a1; \
|
|
|
|
typeof(a2) __a2 = a2; \
|
|
|
|
typeof(a3) __a3 = a3; \
|
2018-02-07 00:56:19 +07:00
|
|
|
struct arm_smccc_res *___res = res; \
|
2018-08-24 21:08:29 +07:00
|
|
|
register unsigned long r0 asm("r0") = (u32)a0; \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
register unsigned long r1 asm("r1") = __a1; \
|
|
|
|
register unsigned long r2 asm("r2") = __a2; \
|
|
|
|
register unsigned long r3 asm("r3") = __a3
|
2018-02-07 00:56:19 +07:00
|
|
|
|
|
|
|
#define __declare_arg_4(a0, a1, a2, a3, a4, res) \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
typeof(a4) __a4 = a4; \
|
2018-02-07 00:56:19 +07:00
|
|
|
__declare_arg_3(a0, a1, a2, a3, res); \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
register unsigned long r4 asm("r4") = __a4
|
2018-02-07 00:56:19 +07:00
|
|
|
|
|
|
|
#define __declare_arg_5(a0, a1, a2, a3, a4, a5, res) \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
typeof(a5) __a5 = a5; \
|
2018-02-07 00:56:19 +07:00
|
|
|
__declare_arg_4(a0, a1, a2, a3, a4, res); \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
register unsigned long r5 asm("r5") = __a5
|
2018-02-07 00:56:19 +07:00
|
|
|
|
|
|
|
#define __declare_arg_6(a0, a1, a2, a3, a4, a5, a6, res) \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
typeof(a6) __a6 = a6; \
|
2018-02-07 00:56:19 +07:00
|
|
|
__declare_arg_5(a0, a1, a2, a3, a4, a5, res); \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
register unsigned long r6 asm("r6") = __a6
|
2018-02-07 00:56:19 +07:00
|
|
|
|
|
|
|
#define __declare_arg_7(a0, a1, a2, a3, a4, a5, a6, a7, res) \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
typeof(a7) __a7 = a7; \
|
2018-02-07 00:56:19 +07:00
|
|
|
__declare_arg_6(a0, a1, a2, a3, a4, a5, a6, res); \
|
arm/arm64: smccc-1.1: Handle function result as parameters
If someone has the silly idea to write something along those lines:
extern u64 foo(void);
void bar(struct arm_smccc_res *res)
{
arm_smccc_1_1_smc(0xbad, foo(), res);
}
they are in for a surprise, as this gets compiled as:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d4000003 smc #0x0
5ac: b4000073 cbz x19, 5b8 <bar+0x30>
5b0: a9000660 stp x0, x1, [x19]
5b4: a9010e62 stp x2, x3, [x19, #16]
5b8: f9400bf3 ldr x19, [sp, #16]
5bc: a8c27bfd ldp x29, x30, [sp], #32
5c0: d65f03c0 ret
5c4: d503201f nop
The call to foo "overwrites" the x0 register for the return value,
and we end up calling the wrong secure service.
A solution is to evaluate all the parameters before assigning
anything to specific registers, leading to the expected result:
0000000000000588 <bar>:
588: a9be7bfd stp x29, x30, [sp, #-32]!
58c: 910003fd mov x29, sp
590: f9000bf3 str x19, [sp, #16]
594: aa0003f3 mov x19, x0
598: aa1e03e0 mov x0, x30
59c: 94000000 bl 0 <_mcount>
5a0: 94000000 bl 0 <foo>
5a4: aa0003e1 mov x1, x0
5a8: d28175a0 mov x0, #0xbad
5ac: d4000003 smc #0x0
5b0: b4000073 cbz x19, 5bc <bar+0x34>
5b4: a9000660 stp x0, x1, [x19]
5b8: a9010e62 stp x2, x3, [x19, #16]
5bc: f9400bf3 ldr x19, [sp, #16]
5c0: a8c27bfd ldp x29, x30, [sp], #32
5c4: d65f03c0 ret
Reported-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-08-24 21:08:30 +07:00
|
|
|
register unsigned long r7 asm("r7") = __a7
|
2018-02-07 00:56:19 +07:00
|
|
|
|
|
|
|
#define ___declare_args(count, ...) __declare_arg_ ## count(__VA_ARGS__)
|
|
|
|
#define __declare_args(count, ...) ___declare_args(count, __VA_ARGS__)
|
|
|
|
|
|
|
|
#define ___constraints(count) \
|
|
|
|
: __constraint_write_ ## count \
|
|
|
|
: __constraint_read_ ## count \
|
|
|
|
: "memory"
|
|
|
|
#define __constraints(count) ___constraints(count)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We have an output list that is not necessarily used, and GCC feels
|
|
|
|
* entitled to optimise the whole sequence away. "volatile" is what
|
|
|
|
* makes it stick.
|
|
|
|
*/
|
|
|
|
#define __arm_smccc_1_1(inst, ...) \
|
|
|
|
do { \
|
|
|
|
__declare_args(__count_args(__VA_ARGS__), __VA_ARGS__); \
|
|
|
|
asm volatile(inst "\n" \
|
|
|
|
__constraints(__count_args(__VA_ARGS__))); \
|
|
|
|
if (___res) \
|
|
|
|
*___res = (typeof(*___res)){r0, r1, r2, r3}; \
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* arm_smccc_1_1_smc() - make an SMCCC v1.1 compliant SMC call
|
|
|
|
*
|
|
|
|
* This is a variadic macro taking one to eight source arguments, and
|
|
|
|
* an optional return structure.
|
|
|
|
*
|
|
|
|
* @a0-a7: arguments passed in registers 0 to 7
|
|
|
|
* @res: result values from registers 0 to 3
|
|
|
|
*
|
|
|
|
* This macro is used to make SMC calls following SMC Calling Convention v1.1.
|
|
|
|
* The content of the supplied param are copied to registers 0 to 7 prior
|
|
|
|
* to the SMC instruction. The return values are updated with the content
|
|
|
|
* from register 0 to 3 on return from the SMC instruction if not NULL.
|
|
|
|
*/
|
|
|
|
#define arm_smccc_1_1_smc(...) __arm_smccc_1_1(SMCCC_SMC_INST, __VA_ARGS__)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* arm_smccc_1_1_hvc() - make an SMCCC v1.1 compliant HVC call
|
|
|
|
*
|
|
|
|
* This is a variadic macro taking one to eight source arguments, and
|
|
|
|
* an optional return structure.
|
|
|
|
*
|
|
|
|
* @a0-a7: arguments passed in registers 0 to 7
|
|
|
|
* @res: result values from registers 0 to 3
|
|
|
|
*
|
|
|
|
* This macro is used to make HVC calls following SMC Calling Convention v1.1.
|
|
|
|
* The content of the supplied param are copied to registers 0 to 7 prior
|
|
|
|
* to the HVC instruction. The return values are updated with the content
|
|
|
|
* from register 0 to 3 on return from the HVC instruction if not NULL.
|
|
|
|
*/
|
|
|
|
#define arm_smccc_1_1_hvc(...) __arm_smccc_1_1(SMCCC_HVC_INST, __VA_ARGS__)
|
|
|
|
|
2018-05-29 19:11:05 +07:00
|
|
|
/* Return codes defined in ARM DEN 0070A */
|
|
|
|
#define SMCCC_RET_SUCCESS 0
|
|
|
|
#define SMCCC_RET_NOT_SUPPORTED -1
|
|
|
|
#define SMCCC_RET_NOT_REQUIRED -2
|
|
|
|
|
2017-02-02 00:28:28 +07:00
|
|
|
#endif /*__ASSEMBLY__*/
|
2016-01-04 21:37:32 +07:00
|
|
|
#endif /*__LINUX_ARM_SMCCC_H*/
|