Stack_seal_mitigation: Seal stack for interrupt deprivileging
Seal the handler mode stack (MSP) in case of interrupt deprivileging
for Function mode. The interrupt deprivileging is achieved by the ISR
calling an SVC and a seal is applied on MSP before the interrupt is
deprivileged. Other exceptions such as faults run to panic so there
is no need of sealing caller contexts for these exceptions.
This patch also removes the separate inline assembly implementation for
Mainline as the benefit of a single code to maintain and patch far
outweighs any benefits gained by a separate implementation.
Change-Id: Ice68c3b2104e6c956ee6ebf0a448f0a0eccdf557
Signed-off-by: Ken Liu <ken.liu@arm.com>
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
diff --git a/secure_fw/spm/cmsis_func/spm_func.c b/secure_fw/spm/cmsis_func/spm_func.c
index 7c2f468..29cb959 100644
--- a/secure_fw/spm/cmsis_func/spm_func.c
+++ b/secure_fw/spm/cmsis_func/spm_func.c
@@ -976,8 +976,12 @@
uint32_t tfm_spm_depriv_return_handler(uint32_t *irq_svc_args, uint32_t lr)
{
enum tfm_status_e res;
- struct tfm_state_context_t *irq_svc_ctx =
- (struct tfm_state_context_t *)irq_svc_args;
+ struct tfm_state_context_t *irq_svc_ctx;
+
+ /* Take into account the sealed stack*/
+ irq_svc_args += 2;
+
+ irq_svc_ctx = (struct tfm_state_context_t *)irq_svc_args;
if (!(lr & EXC_RETURN_STACK_PROCESS)) {
/* Partition request SVC called with MSP active.
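Review bot: in tfm_spm_depriv_return_handler, `irq_svc_args += 2;` hard-codes the seal size as a bare literal, so this offset and the code that applies the seal on MSP can drift apart without any build error. Suggest a named constant for the seal size in words, shared with the place that writes the seal, and use it here. Because irq_svc_args is a `uint32_t *`, the step is two words (8 bytes); stating that in the comment would help, and the comment also needs a space before the closing `*/`. Consider checking that the two skipped words actually hold the seal value before the memory after them is cast to `struct tfm_state_context_t`, since whatever sits there is then treated as the caller context.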