sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
d932199d39a5e8e47e2d431e897a765b70ceb51e
system76-edk2/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S
Jan Bobek 9380177354 MdePkg/BaseLib: Fix invalid memory access in AArch64 SetJump/LongJump 
Correct the memory offsets used in REG_ONE/REG_PAIR macros to
synchronize them with definition of the BASE_LIBRARY_JUMP_BUFFER
structure on AArch64.

The REG_ONE macro declares only a single 64-bit register be
read/written; however, the subsequent offset is 16 bytes larger,
creating an unused memory gap in the middle of the structure and
causing SetJump/LongJump functions to read/write 8 bytes of memory
past the end of the jump buffer struct.

Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
Acked-by: Liming Gao <gaoliming@byosoft.com.cn>
2020-10-13 03:20:49 +00:00

92 lines
2.8 KiB
ArmAsm
Raw Blame History

#------------------------------------------------------------------------------
#
# Copyright (c) 2009-2013, ARM Ltd. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
#------------------------------------------------------------------------------
.text
.p2align 3
GCC_ASM_EXPORT(SetJump)
GCC_ASM_EXPORT(InternalLongJump)
#define GPR_LAYOUT \
REG_PAIR (x19, x20, 0); \
REG_PAIR (x21, x22, 16); \
REG_PAIR (x23, x24, 32); \
REG_PAIR (x25, x26, 48); \
REG_PAIR (x27, x28, 64); \
REG_PAIR (x29, x30, 80);/*FP, LR*/ \
REG_ONE (x16, 96) /*IP0*/
#define FPR_LAYOUT \
REG_PAIR ( d8, d9, 104); \
REG_PAIR (d10, d11, 120); \
REG_PAIR (d12, d13, 136); \
REG_PAIR (d14, d15, 152);
#/**
# Saves the current CPU context that can be restored with a call to LongJump() and returns 0.#
#
# Saves the current CPU context in the buffer specified by JumpBuffer and returns 0. The initial
# call to SetJump() must always return 0. Subsequent calls to LongJump() cause a non-zero
# value to be returned by SetJump().
#
# If JumpBuffer is NULL, then ASSERT().
# For IPF CPUs, if JumpBuffer is not aligned on a 16-byte boundary, then ASSERT().
#
# @param JumpBuffer A pointer to CPU context buffer.
#
#**/
#
#UINTN
#EFIAPI
#SetJump (
# IN BASE_LIBRARY_JUMP_BUFFER *JumpBuffer // X0
# );
#
ASM_PFX(SetJump):
mov x16, sp // use IP0 so save SP
#define REG_PAIR(REG1, REG2, OFFS) stp REG1, REG2, [x0, OFFS]
#define REG_ONE(REG1, OFFS) str REG1, [x0, OFFS]
GPR_LAYOUT
FPR_LAYOUT
#undef REG_PAIR
#undef REG_ONE
mov w0, #0
ret
#/**
# Restores the CPU context that was saved with SetJump().#
#
# Restores the CPU context from the buffer specified by JumpBuffer.
# This function never returns to the caller.
# Instead is resumes execution based on the state of JumpBuffer.
#
# @param JumpBuffer A pointer to CPU context buffer.
# @param Value The value to return when the SetJump() context is restored.
#
#**/
#VOID
#EFIAPI
#InternalLongJump (
# IN BASE_LIBRARY_JUMP_BUFFER *JumpBuffer, // X0
# IN UINTN Value // X1
# );
#
ASM_PFX(InternalLongJump):
#define REG_PAIR(REG1, REG2, OFFS) ldp REG1, REG2, [x0, OFFS]
#define REG_ONE(REG1, OFFS) ldr REG1, [x0, OFFS]
GPR_LAYOUT
FPR_LAYOUT
#undef REG_PAIR
#undef REG_ONE
mov sp, x16
cmp w1, #0
mov w0, #1
csel w0, w1, w0, ne
// use br not ret, as ret is guaranteed to mispredict
br x30
ASM_FUNCTION_REMOVE_IF_UNREFERENCED
Reference in New Issue View Git Blame Copy Permalink