Where is r0 set in SVC handler?

[lewisfm]

Hi there,

I noticed that in the SVCHandler you check r0 for the CPSR T bit.

embeddedsw/lib/bsp/standalone/src/arm/cortexa9/armcc/asm_vectors.s

Lines 113 to 119 in 45a1890

	SVCHandler ; SWI handler
	stmdb sp!,{r0-r3,r12,lr} ; state save from compiled code
	tst r0, #0x20 ; check the T bit
	ldrneh r0, [lr,#-2] ; Thumb mode
	bicne r0, r0, #0xff00 ; Thumb mode
	ldreq r0, [lr,#-4] ; ARM mode
	biceq r0, r0, #0xff000000 ; ARM mode

Since control flow comes directly from the vector table, presumably r0 is still set to whatever the user code had stored in it, which could be some value other than CPSR.

Is it possible there is missing logic to load CPSR into r0 before line 115, e.g. ?

mrs r0, spsr
str r0, [sp, #-4]!

Could the current behavior cause issues if you had user code that sets r0 to an arbitrary value with the T bit set to a certain state, like this?

mov r0, #0x1234
svc #1