devs/foxbox
1
0
Fork 0
forked from len0rd/rockbox
Code Pull requests Activity

MIPS: make sure to fill 'jr' branch delay slot with 'nop'

Browse source 
Inline assembly in RoLO and the FiiO M3K bootloader used 'jr' to
jump to a newly loaded Rockbox binary, but incorrectly left the
branch delay slot open. That gives GCC an opening to place illegal
instrutions, etc, which might cause an unhandled exception.

Change-Id: Ia7a561fe530e94a41189d25f18a767c448177960
This commit is contained in:
Aidan MacDonald 2021-04-07 19:27:22 +01:00
parent 213d372c92
commit 4b26372591
3 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
bootloader/fiiom3k-spl.c
View file

@ -199,6 +199,8 @@ void spl_main(void)
/* Flush caches and jump to address */ /* Flush caches and jump to address */
void* execaddr = (void*)opt->exec_addr; void* execaddr = (void*)opt->exec_addr;
commit_discard_idcache(); commit_discard_idcache();
__asm__ __volatile__ ("jr %0" :: "r"(execaddr)); __asm__ __volatile__ ("jr %0\n"
"nop\n"
:: "r"(execaddr));
__builtin_unreachable(); __builtin_unreachable();
} }

4
bootloader/fiiom3k.c
View file

@ -47,7 +47,9 @@ void exec(void* dst, const void* src, int bytes)
{ {
memcpy(dst, src, bytes); memcpy(dst, src, bytes);
commit_discard_idcache(); commit_discard_idcache();
__asm__ __volatile__ ("jr %0" :: "r"(dst)); __asm__ __volatile__ ("jr %0\n"
"nop\n"
:: "r"(dst));
__builtin_unreachable(); __builtin_unreachable();
} }

1
firmware/rolo.c
View file

@ -204,6 +204,7 @@ void rolo_restart(const unsigned char* source, unsigned char* dest,
commit_discard_idcache(); commit_discard_idcache();
asm volatile( asm volatile(
"jr %0 \n" "jr %0 \n"
"nop\n"
: : "r"(dest) : : "r"(dest)
); );
#endif #endif