switch_to_restricted() must explicitly reconstruct the given function pointer, as it needs to remove a permission bit, which clears the tag due to the capability being sealed. However, it does not currently reseal the capability after using the BUILD instruction. This will cause a capability fault on BLRR once CCTLR_EL0.SBL is set, as per the PCuABI specification.
Fix this by explicitly sealing the new capability before branching to it.
Signed-off-by: Kevin Brodsky kevin.brodsky@arm.com
---
 tools/testing/selftests/arm64/morello/freestanding_start.S | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/arm64/morello/freestanding_start.S b/tools/testing/selftests/arm64/morello/freestanding_start.S index 755f24de79f2..c5da0b2d6d41 100644 --- a/tools/testing/selftests/arm64/morello/freestanding_start.S +++ b/tools/testing/selftests/arm64/morello/freestanding_start.S @@ -248,6 +248,7 @@ FUNCTION_START(switch_to_restricted) */ adr c1, #0 build c0, c0, c1 + seal c0, c0, rb /* Branch (restricted) */ blrr c0
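Review bot: the comment block that closes at `*/` just before `adr c1, #0` should be extended to say why the capability is re-sealed before the branch; the added `seal c0, c0, rb` is correct for a BLRR target, but a reader of the assembly alone cannot tell that BUILD produces an unsealed capability and that BLRR will fault on it once CCTLR_EL0.SBL is set, which is only explained in the commit message. One or two lines along the lines of `/* BUILD yields an unsealed capability; BLRR requires an RB-sealed target once SBL is set */` placed above the `seal` would keep that rationale with the code.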