From 0bb50b9a7e5848edea732b21d6fba8c363054610 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 5 Mar 2018 01:31:56 -0500 Subject: [PATCH] target/arm: Restore security state on exception return Now that we can handle the CONTROL.SPSEL bit not necessarily being in sync with the current stack pointer, we can restore the correct security state on exception return. This happens before we start to read registers off the stack frame, but after we have taken possible usage faults for bad exception return magic values and updated CONTROL.SPSEL. Backports commit 3919e60b6efd9a86a0e6ba637aa584222855ac3a from qemu --- qemu/target/arm/helper.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/qemu/target/arm/helper.c b/qemu/target/arm/helper.c index f9d949d3..9f0a134d 100644 --- a/qemu/target/arm/helper.c +++ b/qemu/target/arm/helper.c @@ -5645,6 +5645,8 @@ static void do_v7m_exception_exit(ARMCPU *cpu) */ write_v7m_control_spsel(env, return_to_sp_process); + switch_v7m_security_state(env, return_to_secure); + { /* The stack pointer we should be reading the exception frame from * depends on bits in the magic exception return type value (and
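
Review bot: The added `switch_v7m_security_state(env, return_to_secure);` call after `write_v7m_control_spsel(env, return_to_sp_process);` in do_v7m_exception_exit() carries no comment, yet the commit message says its position is deliberate: after the usage-fault checks on the exception return magic value and the CONTROL.SPSEL update, and before any register is read off the stack frame. Suggest a short comment above the call recording that ordering, so that a later reshuffle of this block does not move the frame reads ahead of the security state switch. The same comment could say whether the preceding SPSEL write is meant to apply while still in the pre-switch security state, since it now runs before the switch.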