/*
 * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <asm_macros.S>

	.globl	wa_cve_2017_5715_bpiall_vbar

/*
 * wa_cve_2017_5715_bpiall_vbar: exception vector table that invalidates the
 * branch predictor (BPIALL followed by ISB) on every exception entry, and
 * only then dispatches to the handler for the vector that was taken.
 *
 * The table holds one instruction per vector entry. An exception taken at a
 * given entry executes that instruction and falls through all later ones, so
 * the number of `add sp, sp, #1` instructions executed identifies the vector.
 * No general-purpose register is written before dispatch.
 *
 * Invariant relied on: the bottom 3 bits of SP are zero on entry. The decode
 * restores SP with `bic sp, sp, #0x7`, which is only correct under that
 * condition.
 * NOTE(review): confirm the stack set-up for this mode guarantees 8-byte
 * alignment of SP.
 *
 * Dispatch as visible in this file:
 *   0b111 Reset          -> sp_min_entrypoint
 *   0b110 Undef          -> plat_panic_handler
 *   0b101 Syscall        -> sp_min_handle_smc
 *   0b100 Prefetch abort -> plat_panic_handler
 *   0b011 Data abort     -> plat_panic_handler
 *   0b010 Reserved       -> plat_panic_handler
 *   0b001 IRQ            -> plat_panic_handler
 *   0b000 FIQ            -> sp_min_handle_fiq
 *
 * `vector_base`, `stcopr` and `BPIALL` are not defined in this file;
 * presumably they come from asm_macros.S or a header it pulls in.
 */
vector_base wa_cve_2017_5715_bpiall_vbar
	/* We encode the exception entry in the bottom 3 bits of SP */
	add	sp, sp, #1	/* Reset: 0b111 */
	add	sp, sp, #1	/* Undef: 0b110 */
	add	sp, sp, #1	/* Syscall: 0b101 */
	add	sp, sp, #1	/* Prefetch abort: 0b100 */
	add	sp, sp, #1	/* Data abort: 0b011 */
	add	sp, sp, #1	/* Reserved: 0b010 */
	add	sp, sp, #1	/* IRQ: 0b001 */
	nop			/* FIQ: 0b000 */

	/*
	 * Invalidate the branch predictor, `r0` is a dummy register
	 * and is unused.
	 *
	 * This and the ISB sit ahead of the first branch of the decode
	 * below; keep that ordering if the table is edited, so the
	 * invalidation has completed before any branch in this table runs.
	 */
	stcopr	r0, BPIALL
	isb

	/*
	 * As we cannot use any temporary registers and cannot
	 * clobber SP, we can decode the exception entry using
	 * an unrolled binary search.
	 *
	 * Each leaf does `tst sp, #1`, then clears the encoding with
	 * `bic` and only then branches. `bic` has no S suffix, so it
	 * leaves the flags from `tst` intact for the following `bne`.
	 *
	 * Note, if this code is re-used by other secure payloads,
	 * the below exception entry vectors must be changed to
	 * the vectors specific to that secure payload.
	 */

	tst	sp, #4			/* bit 2 set: encoding is 0b1xx */
	bne	1f

	tst	sp, #2			/* bit 2 clear, bit 1 set: 0b01x */
	bne	3f

	/* Expected encoding: 0x1 and 0x0 */
	tst	sp, #1
	/* Restore original value of SP by clearing the bottom 3 bits */
	bic	sp, sp, #0x7
	bne	plat_panic_handler	/* IRQ */
	b	sp_min_handle_fiq	/* FIQ */

1:
	tst	sp, #2			/* bit 2 and bit 1 set: 0b11x */
	bne	2f

	/* Expected encoding: 0x4 and 0x5 */
	tst	sp, #1
	bic	sp, sp, #0x7		/* restore SP; flags from tst are kept */
	bne	sp_min_handle_smc	/* Syscall */
	b	plat_panic_handler	/* Prefetch abort */

2:
	/* Expected encoding: 0x7 and 0x6 */
	tst	sp, #1
	bic	sp, sp, #0x7		/* restore SP; flags from tst are kept */
	bne	sp_min_entrypoint	/* Reset */
	b	plat_panic_handler	/* Undef */

3:
	/*
	 * Expected encoding: 0x2 and 0x3
	 * Both outcomes reach the same handler; the test keeps this leaf
	 * shaped like the others.
	 */
	tst	sp, #1
	bic	sp, sp, #0x7		/* restore SP; flags from tst are kept */
	bne	plat_panic_handler	/* Data abort */
	b	plat_panic_handler	/* Reserved */