Where is r0 set in SVC handler?

[lewisfm]

Hi there,

I noticed that in the SVCHandler you check r0 for the CPSR T bit.

https://github.com/Xilinx/embeddedsw/blob/45a18907084e77bb3a450a035d280130d7ff6e26/lib/bsp/standalone/src/arm/cortexa9/armcc/asm_vectors.s#L113-L119

Since control flow comes directly from the vector table, presumably r0 is still set to whatever the user code had stored in it, which could be some value other than CPSR.

Is it possible there is missing logic to load CPSR into r0 before line 115, e.g. ?

mrs r0, spsr
str r0, [sp, #-4]!

Could the current behavior cause issues if you had user code that sets r0 to an arbitrary value with the T bit set to a certain state, like this?

mov r0, #0x1234
svc #1

[tropicaaal]

From what I can tell, the SVC vector seems to be based on this one in the ARM manual. The implementation in embeddedsw is missing these instructions, however:

    MRS     r0, spsr               ; Get spsr
    STMFD   sp!, {r0, r3}          ; Store spsr onto stack and another
                                   ; register to maintain 8-byte-aligned stack

This causes the the T-bit to be read off of the clobbered r0 rather than spsr resulting in a potentially incorrect syscall number being decoded.

[Coding-xinxiangwanji2017]

Hi，您好：    我收到了您邮件，等我看完邮件以后，第一时间给您回复。

[lewisfm]

After looking at the implementation some more, this does seem unintentional, but probably won't cause issues because it seems like the result of this calculation goes completely unused.