From ff1d2ef387f085fdada4a122284b3b044fdde09c Mon Sep 17 00:00:00 2001 From: Manish Pandey Date: Thu, 17 Nov 2022 14:43:15 +0000 Subject: [PATCH] fix(el3_runtime): restore SPSR/ELR/SCR after esb SCR_EL3 register is restored before esb issued and it is assumed that EAs are unmasked at that point, which is wrong, as the SCR_EL3 value at that time is restored from the context of the world where it is returning to. Signed-off-by: Manish Pandey Change-Id: Id1c7150a70b5f589b0dc7c50c359b4d23ee9f256
---
 lib/el3_runtime/aarch64/context.S | 42 +++++++++++++++---------------- 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 6b88a9086..b126b9cd8 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -1064,16 +1064,6 @@ func el3_exit
 msr spsel, #MODE_SP_ELX
 str x17, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
- /* ----------------------------------------------------------
- * Restore SPSR_EL3, ELR_EL3 and SCR_EL3 prior to ERET
- * ----------------------------------------------------------
- */
- ldr x18, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
- ldp x16, x17, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
- msr scr_el3, x18
- msr spsr_el3, x16
- msr elr_el3, x17
-
 #if IMAGE_BL31
 /* ----------------------------------------------------------
 * Restore CPTR_EL3.
@@ -1103,17 +1093,6 @@ sve_not_enabled:
 1:
 #endif /* IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639 */
- restore_ptw_el1_sys_regs
-
- /* ----------------------------------------------------------
- * Restore general purpose (including x30), PMCR_EL0 and
- * ARMv8.3-PAuth registers.
- * Exit EL3 via ERET to a lower exception level.
- * ----------------------------------------------------------
- */
- bl restore_gp_pmcr_pauth_regs
- ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
-
 #if IMAGE_BL31 && RAS_EXTENSION
 /* ----------------------------------------------------------
 * Issue Error Synchronization Barrier to synchronize SErrors
@@ -1127,6 +1106,27 @@ sve_not_enabled:
 dsb sy
 #endif /* IMAGE_BL31 && RAS_EXTENSION */
+ /* ----------------------------------------------------------
+ * Restore SPSR_EL3, ELR_EL3 and SCR_EL3 prior to ERET
+ * ----------------------------------------------------------
+ */
+ ldr x18, [sp, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
+ ldp x16, x17, [sp, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
+ msr scr_el3, x18
+ msr spsr_el3, x16
+ msr elr_el3, x17
+
+ restore_ptw_el1_sys_regs
+
+ /* ----------------------------------------------------------
+ * Restore general purpose (including x30), PMCR_EL0 and
+ * ARMv8.3-PAuth registers.
+ * Exit EL3 via ERET to a lower exception level.
+ * ----------------------------------------------------------
+ */
+ bl restore_gp_pmcr_pauth_regs
+ ldr x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+
 #ifdef IMAGE_BL31
 str xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
 #endif /* IMAGE_BL31 */
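Review bot: The comment on the relocated SCR_EL3/SPSR_EL3/ELR_EL3 restore in the third hunk still says only "prior to ERET" and does not record the ordering this commit depends on, so a later reshuffle of el3_exit could move the restore back ahead of the barrier without anyone noticing. I would add a line to that comment such as `* Must stay after the RAS_EXTENSION esb/dsb block above: the value loaded into SCR_EL3 here belongs to the world being returned to.` The esb instruction and the start and end of el3_exit are outside the hunk, so whether EAs are in fact unmasked when the barrier executes cannot be confirmed from these lines. As a side effect the CPTR_EL3 restore and the CVE-2018-3639 workaround block now appear to run before SCR_EL3 is written rather than after; that looks harmless, but it is worth confirming that neither depends on the target world's SCR_EL3.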