SiP: Don't validate entrypoint if state switch is impossible
Switching execution states is only possible if EL3 is AArch64.
As such there is no need to validate the entrypoint on AArch32 builds.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: I3c1eb25b5df296a492870641d274bf65213c6608
diff --git a/plat/arm/common/execution_state_switch.c b/plat/arm/common/aarch64/execution_state_switch.c
similarity index 96%
rename from plat/arm/common/execution_state_switch.c
rename to plat/arm/common/aarch64/execution_state_switch.c
index 00ac16e..8835fa1 100644
--- a/plat/arm/common/execution_state_switch.c
+++ b/plat/arm/common/aarch64/execution_state_switch.c
@@ -39,8 +39,6 @@
uint32_t cookie_lo,
void *handle)
{
- /* Execution state can be switched only if EL3 is AArch64 */
-#ifdef __aarch64__
bool caller_64, thumb = false, from_el2;
unsigned int el, endianness;
u_register_t spsr, pc, scr, sctlr;
@@ -48,6 +46,11 @@
cpu_context_t *ctx = (cpu_context_t *) handle;
el3_state_t *el3_ctx = get_el3state_ctx(ctx);
+ /* Validate supplied entry point */
+ pc = (u_register_t) (((uint64_t) pc_hi << 32) | pc_lo);
+ if (arm_validate_ns_entrypoint(pc) != 0)
+ goto invalid_param;
+
/* That the SMC originated from NS is already validated by the caller */
/*
@@ -173,7 +176,6 @@
SMC_RET1(handle, STATE_SW_E_PARAM);
exec_denied:
-#endif /* __aarch64__ */
/* State switch denied */
SMC_RET1(handle, STATE_SW_E_DENIED);
}
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index acc3797..ccb851e 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -215,13 +215,15 @@
BL31_SOURCES += plat/arm/common/arm_bl31_setup.c \
plat/arm/common/arm_pm.c \
plat/arm/common/arm_topology.c \
- plat/arm/common/execution_state_switch.c \
plat/common/plat_psci_common.c
ifeq (${ENABLE_PMF}, 1)
-BL31_SOURCES += plat/arm/common/arm_sip_svc.c \
+ifeq (${ARCH}, aarch64)
+BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c\
+ plat/arm/common/arm_sip_svc.c \
lib/pmf/pmf_smc.c
endif
+endif
ifeq (${EL3_EXCEPTION_HANDLING},1)
BL31_SOURCES += plat/arm/common/aarch64/arm_ehf.c
diff --git a/plat/arm/common/arm_sip_svc.c b/plat/arm/common/arm_sip_svc.c
index 3d308a3..a61f5f8 100644
--- a/plat/arm/common/arm_sip_svc.c
+++ b/plat/arm/common/arm_sip_svc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -50,23 +50,22 @@
switch (smc_fid) {
case ARM_SIP_SVC_EXE_STATE_SWITCH: {
- u_register_t pc;
-
+ /* Execution state can be switched only if EL3 is AArch64 */
+#ifdef __aarch64__
/* Allow calls from non-secure only */
if (!is_caller_non_secure(flags))
SMC_RET1(handle, STATE_SW_E_DENIED);
- /* Validate supplied entry point */
- pc = (u_register_t) ((x1 << 32) | (uint32_t) x2);
- if (arm_validate_ns_entrypoint(pc) != 0)
- SMC_RET1(handle, STATE_SW_E_PARAM);
-
/*
* Pointers used in execution state switch are all 32 bits wide
*/
return (uintptr_t) arm_execution_state_switch(smc_fid,
(uint32_t) x1, (uint32_t) x2, (uint32_t) x3,
(uint32_t) x4, handle);
+#else
+ /* State switch denied */
+ SMC_RET1(handle, STATE_SW_E_DENIED);
+#endif /* __aarch64__ */
}
case ARM_SIP_SVC_CALL_COUNT: