fix(bl31): harden check in delegate_async_ea

Following hardening done around ESR_EL3 register usage - Panic if exception is anyting other than SError - AET bit is only valid if DFSC is 0x11, move DFSC check before AET. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ib15159920f6cad964332fd40f88943aee2bc73b4
2025-04-08 05:43:53 +00:00 · 2022-10-11 17:28:14 +01:00 · 2022-10-11 17:28:14 +01:00 · d435238dc3
commit d435238dc3
parent 54b3fc63e4
1 changed files with 14 additions and 7 deletions
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@ -195,23 +195,30 @@ endfunc delegate_sync_ea
 */
 func delegate_async_ea
 #if RAS_EXTENSION
+	/* Check Exception Class to ensure SError, as this function should
+	 * only be invoked for SError. If that is not the case, which implies
+	 * either an HW error or programming error, panic.
+	 */
+	ubfx	x2, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+	cmp	x2, EC_SERROR
+	b.ne	do_panic
 	/*
 	 * Check for Implementation Defined Syndrome. If so, skip checking
 	 * Uncontainable error type from the syndrome as the format is unknown.
 	 */
 	tbnz	x1, #SERROR_IDS_BIT, 1f

+	/* AET only valid when DFSC is 0x11 */
+	ubfx	x2, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
+	cmp	x2, #DFSC_SERROR
+	b.ne	1f
+
 	/*
 	 * Check for Uncontainable error type. If so, route to the platform
 	 * fatal error handler rather than the generic EA one.
 	 */
-	ubfx	x2, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH
-	cmp	x2, #ERROR_STATUS_UET_UC
-	b.ne	1f
-
-	/* Check DFSC for SError type */
-	ubfx	x3, x1, #EABORT_DFSC_SHIFT, #EABORT_DFSC_WIDTH
-	cmp	x3, #DFSC_SERROR
+	ubfx	x3, x1, #EABORT_AET_SHIFT, #EABORT_AET_WIDTH
+	cmp	x3, #ERROR_STATUS_UET_UC
 	b.ne	1f

 	no_ret	plat_handle_uncontainable_ea