From be32116e32c3fd51c0d91fd658d534424434e659 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 4 Jul 2019 17:14:44 +0100 Subject: [PATCH] target/arm: v8M: Check state of exception being returned from In v8M, an attempt to return from an exception which is not active is an illegal exception return. For this purpose, exceptions which can configurably target either Secure or NonSecure are not considered to be active if they are configured for the opposite security state for the one we're trying to return from (eg attempt to return from an NS NMI but NMI targets Secure). In the pseudocode this is handled by IsActiveForState(). Detect this case rather than counting an active exception possibly of the wrong security state as being sufficient. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190617175317.27557-4-peter.maydell@linaro.org --- hw/intc/armv7m_nvic.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 330eb728dd..9f8f0d3ff5 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -860,7 +860,19 @@ int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure) return -1; } - ret = nvic_rettobase(s); + /* + * If this is a configurable exception and it is currently + * targeting the opposite security state from the one we're trying + * to complete it for, this counts as an illegal exception return. + * We still need to deactivate whatever vector the logic above has + * selected, though, as it might not be the same as the one for the + * requested exception number. + */ + if (!exc_is_banked(irq) && exc_targets_secure(s, irq) != secure) { + ret = -1; + } else { + ret = nvic_rettobase(s); + } vec->active = 0; if (vec->level) { -- 2.11.0