diff --git a/plat/arm/common/execution_state_switch.c b/plat/arm/common/aarch64/execution_state_switch.c similarity index 96% rename from plat/arm/common/execution_state_switch.c rename to plat/arm/common/aarch64/execution_state_switch.c index 00ac16ef06da66ea2a5e3f628d416181e70a8e75..8835fa1352b0272188bcd060eee19ed3e795371f 100644 --- a/plat/arm/common/execution_state_switch.c +++ b/plat/arm/common/aarch64/execution_state_switch.c @@ -39,8 +39,6 @@ int arm_execution_state_switch(unsigned int smc_fid, uint32_t cookie_lo, void *handle) { - /* Execution state can be switched only if EL3 is AArch64 */ -#ifdef __aarch64__ bool caller_64, thumb = false, from_el2; unsigned int el, endianness; u_register_t spsr, pc, scr, sctlr; @@ -48,6 +46,11 @@ int arm_execution_state_switch(unsigned int smc_fid, cpu_context_t *ctx = (cpu_context_t *) handle; el3_state_t *el3_ctx = get_el3state_ctx(ctx); + /* Validate supplied entry point */ + pc = (u_register_t) (((uint64_t) pc_hi << 32) | pc_lo); + if (arm_validate_ns_entrypoint(pc) != 0) + goto invalid_param; + /* That the SMC originated from NS is already validated by the caller */ /* @@ -173,7 +176,6 @@ invalid_param: SMC_RET1(handle, STATE_SW_E_PARAM); exec_denied: -#endif /* __aarch64__ */ /* State switch denied */ SMC_RET1(handle, STATE_SW_E_DENIED); } diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index acc37979773f225a2f8441ddf6e13dd20f2315f3..ccb851e9d69904b5969fd563b9f61ada2eeae45a 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -215,13 +215,15 @@ BL2U_SOURCES += drivers/delay_timer/delay_timer.c \ BL31_SOURCES += plat/arm/common/arm_bl31_setup.c \ plat/arm/common/arm_pm.c \ plat/arm/common/arm_topology.c \ - plat/arm/common/execution_state_switch.c \ plat/common/plat_psci_common.c ifeq (${ENABLE_PMF}, 1) -BL31_SOURCES += plat/arm/common/arm_sip_svc.c \ +ifeq (${ARCH}, aarch64) +BL31_SOURCES += plat/arm/common/aarch64/execution_state_switch.c\ + plat/arm/common/arm_sip_svc.c \ lib/pmf/pmf_smc.c endif +endif ifeq (${EL3_EXCEPTION_HANDLING},1) BL31_SOURCES += plat/arm/common/aarch64/arm_ehf.c diff --git a/plat/arm/common/arm_sip_svc.c b/plat/arm/common/arm_sip_svc.c index 3d308a3351f7bcfe8d9524520d1a43f05d672220..a61f5f8bb9ebfb6308d2024add64c418eb902f06 100644 --- a/plat/arm/common/arm_sip_svc.c +++ b/plat/arm/common/arm_sip_svc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -50,23 +50,22 @@ static uintptr_t arm_sip_handler(unsigned int smc_fid, switch (smc_fid) { case ARM_SIP_SVC_EXE_STATE_SWITCH: { - u_register_t pc; - + /* Execution state can be switched only if EL3 is AArch64 */ +#ifdef __aarch64__ /* Allow calls from non-secure only */ if (!is_caller_non_secure(flags)) SMC_RET1(handle, STATE_SW_E_DENIED); - /* Validate supplied entry point */ - pc = (u_register_t) ((x1 << 32) | (uint32_t) x2); - if (arm_validate_ns_entrypoint(pc) != 0) - SMC_RET1(handle, STATE_SW_E_PARAM); - /* * Pointers used in execution state switch are all 32 bits wide */ return (uintptr_t) arm_execution_state_switch(smc_fid, (uint32_t) x1, (uint32_t) x2, (uint32_t) x3, (uint32_t) x4, handle); +#else + /* State switch denied */ + SMC_RET1(handle, STATE_SW_E_DENIED); +#endif /* __aarch64__ */ } case ARM_SIP_SVC_CALL_COUNT: