1 /* ARMv8-M Security Extensions routines.
2 Copyright (C) 2015-2018 Free Software Foundation, Inc.
3 Contributed by ARM Ltd.
4
5 This file is free software; you can redistribute it and/or modify it
6 under the terms of the GNU General Public License as published by the
7 Free Software Foundation; either version 3, or (at your option) any
8 later version.
9
10 This file is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
14
15 Under Section 7 of GPL version 3, you are granted additional
16 permissions described in the GCC Runtime Library Exception, version
17 3.1, as published by the Free Software Foundation.
18
19 You should have received a copy of the GNU General Public License and
20 a copy of the GCC Runtime Library Exception along with this program;
21 see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
22 <http://www.gnu.org/licenses/>. */
23
24
25 #if __ARM_FEATURE_CMSE & 1
26
27 #include <arm_cmse.h>
28
29 /* ARM intrinsic function to perform a permission check on a given
30 address range. See ACLE changes for ARMv8-M. */
31
32 void *
cmse_check_address_range(void * p,size_t size,int flags)33 cmse_check_address_range (void *p, size_t size, int flags)
34 {
35 cmse_address_info_t permb, perme;
36 char *pb = (char *) p, *pe;
37
38 /* Check if the range wraps around. */
39 if (UINTPTR_MAX - (uintptr_t) p < size)
40 return NULL;
41
42 /* Check if an unknown flag is present. */
43 int known = CMSE_MPU_UNPRIV | CMSE_MPU_READWRITE | CMSE_MPU_READ;
44 int known_secure_level = CMSE_MPU_UNPRIV;
45 #if __ARM_FEATURE_CMSE & 2
46 known |= CMSE_AU_NONSECURE | CMSE_MPU_NONSECURE;
47 known_secure_level |= CMSE_MPU_NONSECURE;
48 #endif
49 if (flags & (~known))
50 return NULL;
51
52 /* Execute the right variant of the TT instructions. */
53 pe = pb + size - 1;
54 const int singleCheck = (((uintptr_t) pb ^ (uintptr_t) pe) < 32);
55 switch (flags & known_secure_level)
56 {
57 case 0:
58 permb = cmse_TT (pb);
59 perme = singleCheck ? permb : cmse_TT (pe);
60 break;
61 case CMSE_MPU_UNPRIV:
62 permb = cmse_TTT (pb);
63 perme = singleCheck ? permb : cmse_TTT (pe);
64 break;
65 #if __ARM_FEATURE_CMSE & 2
66 case CMSE_MPU_NONSECURE:
67 permb = cmse_TTA (pb);
68 perme = singleCheck ? permb : cmse_TTA (pe);
69 break;
70 case CMSE_MPU_UNPRIV | CMSE_MPU_NONSECURE:
71 permb = cmse_TTAT (pb);
72 perme = singleCheck ? permb : cmse_TTAT (pe);
73 break;
74 #endif
75 default:
76 /* Invalid flag, eg. CMSE_MPU_NONSECURE specified but
77 __ARM_FEATURE_CMSE & 2 == 0. */
78 return NULL;
79 }
80
81 /* Check that the range does not cross MPU, SAU, or IDAU boundaries. */
82 if (permb.value != perme.value)
83 return NULL;
84
85 /* Check the permissions on the range. */
86 switch (flags & (~known_secure_level))
87 {
88 #if __ARM_FEATURE_CMSE & 2
89 case CMSE_MPU_READ | CMSE_MPU_READWRITE | CMSE_AU_NONSECURE:
90 case CMSE_MPU_READWRITE | CMSE_AU_NONSECURE:
91 return permb.flags.nonsecure_readwrite_ok ? p : NULL;
92 case CMSE_MPU_READ | CMSE_AU_NONSECURE:
93 return permb.flags.nonsecure_read_ok ? p : NULL;
94 case CMSE_AU_NONSECURE:
95 return permb.flags.secure ? NULL : p;
96 #endif
97 case CMSE_MPU_READ | CMSE_MPU_READWRITE:
98 case CMSE_MPU_READWRITE:
99 return permb.flags.readwrite_ok ? p : NULL;
100 case CMSE_MPU_READ:
101 return permb.flags.read_ok ? p : NULL;
102 default:
103 return NULL;
104 }
105 }
106
107
108 #endif /* __ARM_FEATURE_CMSE & 1. */
109