From 4b263725912939748427faa105f8b2745999a627 Mon Sep 17 00:00:00 2001
From: Aidan MacDonald
Date: Wed, 7 Apr 2021 19:27:22 +0100
Subject: [PATCH] MIPS: make sure to fill 'jr' branch delay slot with 'nop'

Inline assembly in RoLO and the FiiO M3K bootloader used 'jr' to jump to a newly loaded Rockbox binary, but incorrectly left the branch delay slot open. That gives GCC an opening to place illegal instrutions, etc, which might cause an unhandled exception.

Change-Id: Ia7a561fe530e94a41189d25f18a767c448177960
---
 bootloader/fiiom3k-spl.c | 4 +++-
 bootloader/fiiom3k.c | 4 +++-
 firmware/rolo.c | 1 +
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/bootloader/fiiom3k-spl.c b/bootloader/fiiom3k-spl.c
index ec532d5789..67b4b0a59c 100644
--- a/bootloader/fiiom3k-spl.c
+++ b/bootloader/fiiom3k-spl.c
@@ -199,6 +199,8 @@ void spl_main(void)
 /* Flush caches and jump to address */
 void* execaddr = (void*)opt->exec_addr;
 commit_discard_idcache();
- __asm__ __volatile__ ("jr %0" :: "r"(execaddr));
+ __asm__ __volatile__ ("jr %0\n"
+ "nop\n"
+ :: "r"(execaddr));
 __builtin_unreachable();
 }
diff --git a/bootloader/fiiom3k.c b/bootloader/fiiom3k.c
index 6108a37efc..93010e86d2 100644
--- a/bootloader/fiiom3k.c
+++ b/bootloader/fiiom3k.c
@@ -47,7 +47,9 @@ void exec(void* dst, const void* src, int bytes)
 {
 memcpy(dst, src, bytes);
 commit_discard_idcache();
- __asm__ __volatile__ ("jr %0" :: "r"(dst));
+ __asm__ __volatile__ ("jr %0\n"
+ "nop\n"
+ :: "r"(dst));
 __builtin_unreachable();
 }

diff --git a/firmware/rolo.c b/firmware/rolo.c
index f58b56e827..622110576a 100644
--- a/firmware/rolo.c
+++ b/firmware/rolo.c
@@ -204,6 +204,7 @@ void rolo_restart(const unsigned char* source, unsigned char* dest,
 commit_discard_idcache();
 asm volatile(
 "jr %0 \n"
+ "nop\n"
 : : "r"(dest)
 );
 #endif
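Review bot: The new asm in spl_main() in bootloader/fiiom3k-spl.c does not pin the assembler's reorder mode, so the added `nop` only sits in the `jr` delay slot if the assembler is not reordering at that point; under `.set reorder` the assembler fills the slot itself and the explicit `nop` is just an extra instruction after it. Stating the mode in the asm removes that dependency: put `".set push\n" ".set noreorder\n"` before `"jr %0\n"` and `".set pop\n"` after `"nop\n"`. The same applies to the hunks in bootloader/fiiom3k.c and firmware/rolo.c. A short comment such as `/* nop fills the jr branch delay slot */` would also keep the line from being dropped as redundant later. spl_main() starts outside the hunk.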
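Review bot: The jump in exec() in bootloader/fiiom3k.c carries no `"memory"` clobber, so the asm statement itself does not tell the compiler that the image written by `memcpy(dst, src, bytes)` must be fully stored before control leaves through `jr`. This presumably holds today because `commit_discard_idcache()` sits in between and acts as a barrier, but its definition is not visible in this hunk. Changing the operand line to `:: "r"(dst) : "memory");` would state the requirement locally and keep it true if the cache helper is ever inlined or changed.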