1 /* ARMv8-M Security Extensions routines.
2 Copyright (C) 2015-2020 Free Software Foundation, Inc.
3 Contributed by ARM Ltd.
4
5 This file is free software; you can redistribute it and/or modify it
6 under the terms of the GNU General Public License as published by the
7 Free Software Foundation; either version 3, or (at your option) any
8 later version.
9
10 This file is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
14
15 Under Section 7 of GPL version 3, you are granted additional
16 permissions described in the GCC Runtime Library Exception, version
17 3.1, as published by the Free Software Foundation.
18
19 You should have received a copy of the GNU General Public License and
20 a copy of the GCC Runtime Library Exception along with this program;
21 see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
22 <http://www.gnu.org/licenses/>. */
23
24
25 #if __ARM_FEATURE_CMSE & 1
26
27 #include <arm_cmse.h>
28
29 /* ARM intrinsic function to perform a permission check on a given
30 address range. See ACLE changes for ARMv8-M. */
31
32 void *
33 __attribute__ ((warn_unused_result))
cmse_check_address_range(void * p,size_t size,int flags)34 cmse_check_address_range (void *p, size_t size, int flags)
35 {
36 cmse_address_info_t permb, perme;
37 char *pb = (char *) p, *pe;
38
39 /* Check if the range wraps around. */
40 if (__UINTPTR_MAX__ - (__UINTPTR_TYPE__) p < size)
41 return NULL;
42
43 /* Check if an unknown flag is present. */
44 int known = CMSE_MPU_UNPRIV | CMSE_MPU_READWRITE | CMSE_MPU_READ;
45 int known_secure_level = CMSE_MPU_UNPRIV;
46 #if __ARM_FEATURE_CMSE & 2
47 known |= CMSE_AU_NONSECURE | CMSE_MPU_NONSECURE;
48 known_secure_level |= CMSE_MPU_NONSECURE;
49 #endif
50 if (flags & (~known))
51 return NULL;
52
53 /* Execute the right variant of the TT instructions. */
54 pe = pb + size - 1;
55 const int singleCheck
56 = (((__UINTPTR_TYPE__) pb ^ (__UINTPTR_TYPE__) pe) < 32);
57 switch (flags & known_secure_level)
58 {
59 case 0:
60 permb = cmse_TT (pb);
61 perme = singleCheck ? permb : cmse_TT (pe);
62 break;
63 case CMSE_MPU_UNPRIV:
64 permb = cmse_TTT (pb);
65 perme = singleCheck ? permb : cmse_TTT (pe);
66 break;
67 #if __ARM_FEATURE_CMSE & 2
68 case CMSE_MPU_NONSECURE:
69 permb = cmse_TTA (pb);
70 perme = singleCheck ? permb : cmse_TTA (pe);
71 break;
72 case CMSE_MPU_UNPRIV | CMSE_MPU_NONSECURE:
73 permb = cmse_TTAT (pb);
74 perme = singleCheck ? permb : cmse_TTAT (pe);
75 break;
76 #endif
77 default:
78 /* Invalid flag, eg. CMSE_MPU_NONSECURE specified but
79 __ARM_FEATURE_CMSE & 2 == 0. */
80 return NULL;
81 }
82
83 /* Check that the range does not cross MPU, SAU, or IDAU boundaries. */
84 if (permb.value != perme.value)
85 return NULL;
86
87 /* Check the permissions on the range. */
88 switch (flags & (~known_secure_level))
89 {
90 #if __ARM_FEATURE_CMSE & 2
91 case CMSE_MPU_READ | CMSE_MPU_READWRITE | CMSE_AU_NONSECURE:
92 case CMSE_MPU_READWRITE | CMSE_AU_NONSECURE:
93 return permb.flags.nonsecure_readwrite_ok ? p : NULL;
94 case CMSE_MPU_READ | CMSE_AU_NONSECURE:
95 return permb.flags.nonsecure_read_ok ? p : NULL;
96 case CMSE_AU_NONSECURE:
97 return permb.flags.secure ? NULL : p;
98 #endif
99 case CMSE_MPU_READ | CMSE_MPU_READWRITE:
100 case CMSE_MPU_READWRITE:
101 return permb.flags.readwrite_ok ? p : NULL;
102 case CMSE_MPU_READ:
103 return permb.flags.read_ok ? p : NULL;
104 default:
105 return NULL;
106 }
107 }
108
109
110 #endif /* __ARM_FEATURE_CMSE & 1. */
111