[Qemu-devel] [PULL 17/42] target/arm: Allow for floating point in callee
From: |
Peter Maydell |
Subject: |
[Qemu-devel] [PULL 17/42] target/arm: Allow for floating point in callee stack integrity check |
Date: |
Mon, 29 Apr 2019 18:00:05 +0100 |
The magic value pushed onto the callee stack as an integrity
check is different if floating point is present.
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden
---
target/arm/helper.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index da0b6202400..c7b1a8d231d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7979,6 +7979,21 @@ load_fail:
return false;
}
+static uint32_t v7m_integrity_sig(CPUARMState *env, uint32_t lr)
+{
+ /*
+ * Return the integrity signature value for the callee-saves
+ * stack frame section. @lr is the exception return payload/LR value
+ * whose FType bit forms bit 0 of the signature if FP is present.
+ */
+ uint32_t sig = 0xfefa125a;
+
+ if (!arm_feature(env, ARM_FEATURE_VFP) || (lr & R_V7M_EXCRET_FTYPE_MASK)) {
+ sig |= 1;
+ }
+ return sig;
+}
+
static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
bool ignore_faults)
{
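Review bot: The literals `0xfefa125a` and `1` in v7m_integrity_sig() are unnamed, and the in-body comment only describes the FP-present case, so a reader has to work out the no-FP result by hand. Because this value is what do_v7m_exception_exit() compares against before raising a SecureFault, I would move the comment above the function and spell out both outcomes, for example `/* No FP, or FP with FType set: 0xfefa125b (the value used before this change); FP with FType clear: 0xfefa125a. */`. A named constant for the base value would also keep the push and pop sides tied to one definition if the signature is ever referenced elsewhere.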
@@ -7993,6 +8008,7 @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t
lr, bool dotailchain,
bool stacked_ok;
uint32_t limit;
bool want_psp;
+ uint32_t sig;
if (dotailchain) {
bool mode = lr & R_V7M_EXCRET_MODE_MASK;
@@ -8034,8 +8050,9 @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t
lr, bool dotailchain,
/* Write as much of the stack frame as we can. A write failure may
* cause us to pend a derived exception.
*/
+ sig = v7m_integrity_sig(env, lr);
stacked_ok =
- v7m_stack_write(cpu, frameptr, 0xfefa125b, mmu_idx, ignore_faults) &&
+ v7m_stack_write(cpu, frameptr, sig, mmu_idx, ignore_faults) &&
v7m_stack_write(cpu, frameptr + 0x8, env->regs[4], mmu_idx,
ignore_faults) &&
v7m_stack_write(cpu, frameptr + 0xc, env->regs[5], mmu_idx,
@@ -8640,12 +8657,11 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
if (return_to_secure &&
((excret & R_V7M_EXCRET_ES_MASK) == 0 ||
(excret & R_V7M_EXCRET_DCRS_MASK) == 0)) {
- uint32_t expected_sig = 0xfefa125b;
uint32_t actual_sig;
pop_ok = v7m_stack_read(cpu, &actual_sig, frameptr, mmu_idx);
- if (pop_ok && expected_sig != actual_sig) {
+ if (pop_ok && v7m_integrity_sig(env, excret) != actual_sig) {
/* Take a SecureFault on the current stack */
env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK;
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
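Review bot: The expected signature in `if (pop_ok && v7m_integrity_sig(env, excret) != actual_sig)` is now derived from `excret`, so the check also fails when the FType bit used at push time disagrees with the exception-return value, but the only comment on the branch still reads `/* Take a SecureFault on the current stack */`. I would add a line above the condition such as `/* Bit 0 of the signature must match excret's FType; any mismatch is reported as SFSR.INVIS. */` so the dependency on the return payload is explicit. The comparison is also skipped whenever `pop_ok` is false; the handling of that case presumably sits later in do_v7m_exception_exit(), which continues outside this hunk, and is worth confirming when reading the whole function.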
--
2.20.1