gp register r0 may be corrupted in thread_excp_vect_workaround

[PeikanTsai]

If fiq happen when pc in thread_excp_vect_workaround with fiq enabled, r0 may be modified after exit fiq handler because the tpidr is used as temporary register to save r0 value.

thread_excp_vect_workaround:
    vector_prologue_spectre
    mrs r0, spsr
    cmp_spsr_user_mode r0
    bne 1f
    /* Invalidate the branch predictor for the current processor. */
    write_bpiall
    isb

1:  and r0, sp, #(BIT(0) | BIT(1) | BIT(2))
    bic sp, sp, #(BIT(0) | BIT(1) | BIT(2))
    add pc, pc, r0, LSL #3
    nop

I found this issue after I added an atomic smc call in fiq handler, and sometimes the syscall fail because r0 is modified. And the value of r0 seems like a valid spsr.

[jenswi-linaro]

Yes, I think you're right.

How about adding a cpsid aif before write_tpidrprw r0? The write_tpidrprw r0 should then probably be moved outside the macro vector_prologue_spectre, just before mrs r0, spsr.