From 077e545662963fc9d656bf13ed4d811e9d0590ed Mon Sep 17 00:00:00 2001
From: Icarus Sparry <icarus.w.sparry@intel.com>
Date: Sat, 26 Dec 2015 12:18:03 -0800
Subject: cortex-m: proper handling of input parameters to SVC handler

According to section 2.7 of Cortex-M3 Application Note 179: A Cortex-M3
processor can get a "late arriving exception" and this will corrupt the
values of the r0, r1, r2 and r3 registers passed in an svc call.

http://infocenter.arm.com/help/topic/com.arm.doc.dai0179b/AppsNote179.pdf

The fix is to reload the two registers we care about, r0 and r1, from
the stack to ensure the input parameters to SVC handler, desched (r0)
and resched (r1), are valid.

BUG=chrome-os-partner:48499
BRANCH=none
TEST=Used assert to verify resched is a valid TASK ID.

Change-Id: Ie2229472e709febe16eee3c2cd986e3815fda076
Signed-off-by: Icarus Sparry <icarus.w.sparry@intel.com>
Signed-off-by: Kevin K Wong <kevin.k.wong@intel.com>
Reviewed-on: https://chromium-review.googlesource.com/319849
Commit-Ready: Icarus W Sparry <icarus.w.sparry@intel.com>
Tested-by: Icarus W Sparry <icarus.w.sparry@intel.com>
Reviewed-by: Icarus W Sparry <icarus.w.sparry@intel.com>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
---
 core/cortex-m/init.S | 26 +++++++++++++++++++++++++-
 core/cortex-m/task.c |  1 +
 2 files changed, 26 insertions(+), 1 deletion(-)

(limited to 'core')

diff --git a/core/cortex-m/init.S b/core/cortex-m/init.S
index ac82530509..bd8d19a638 100644
--- a/core/cortex-m/init.S
+++ b/core/cortex-m/init.S
@@ -34,7 +34,7 @@ vector usage_fault    		  @ Usage fault handler
 .long 0               		  @ reserved
 .long 0               		  @ reserved
 .long 0               		  @ reserved
-vector svc            		  @ SWI
+.long svc_helper_handler	  @ SWI
 vector debug          		  @ Debug handler
 .long 0               		  @ reserved
 vector pendsv         		  @ PendSV handler
@@ -384,6 +384,30 @@ fini_loop:
 default_handler:
 	b exception_panic
 
+/*
+ * SVC handler helper
+ *
+ * Work around issue where a late exception can corrupt r0 to r3,
+ * see section 2.7 (svc) of Cortex-M3 Application Note 179:
+ * http://infocenter.arm.com/help/topic/com.arm.doc.dai0179b/AppsNote179.pdf
+ *
+ * This approach differs slightly from the one in the document,
+ * it only loads r0 (desched) and r1 (resched) for svc_handler.
+ */
+.thumb_func
+svc_helper_handler:
+	tst lr, #4		/* see if called from supervisor mode */
+	mrs r2, msp		/* get the correct stack pointer into r2 */
+	it ne
+	mrsne r2, psp
+	ldr r1, [r2, #4]	/* get regs from stack frame */
+	ldr r0, [r2]
+	b svc_handler		/* call svc_handler */
+
+/* Call default_handler if svc_handler is not found (task.c is not built) */
+.weak svc_handler
+.set svc_handler, default_handler
+
 .align 2
 _bss_start:
 .long __bss_start
diff --git a/core/cortex-m/task.c b/core/cortex-m/task.c
index 510e4cba32..a4417f4fff 100644
--- a/core/cortex-m/task.c
+++ b/core/cortex-m/task.c
@@ -263,6 +263,7 @@ void svc_handler(int desched, task_id_t resched)
 		 */
 		tasks_ready &= ~(1 << (current - tasks));
 	}
+	ASSERT(resched <= TASK_ID_COUNT);
 	tasks_ready |= 1 << resched;
 
 	ASSERT(tasks_ready);
-- 
cgit v1.2.1