[Xen-devel,3/7] xen/arm32: entry: Add missing trap_reset entry

Message ID 20180119134103.3390-4-julien.grall@linaro.org
State New
Series
  • xen/arm32: Branch predictor hardening (XSA-254 variant 2)

Commit Message

Julien Grall Jan. 19, 2018, 1:40 p.m.
At the moment, the reset vector is defined as .word 0 (e.g andeq r0, r0,
r0).

This is rather unintuitive and will result to execute the trap
undefined. Instead introduce trap helpers for reset and will generate an
error message in the unlikely case that reset will be called.

This is part of XSA-254.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
---
 xen/arch/arm/arm32/entry.S | 1 +
 xen/arch/arm/arm32/traps.c | 5 +++++
 2 files changed, 6 insertions(+)

Comments

Stefano Stabellini Jan. 24, 2018, 11:14 p.m. | #1
On Fri, 19 Jan 2018, Julien Grall wrote:
> At the moment, the reset vector is defined as .word 0 (e.g andeq r0, r0,
> r0).
> 
> This is rather unintuitive and will result to execute the trap
> undefined. Instead introduce trap helpers for reset and will generate an
> error message in the unlikely case that reset will be called.
> 
> This is part of XSA-254.
> 
> Signed-off-by: Julien Grall <julien.grall@linaro.org>
> ---
>  xen/arch/arm/arm32/entry.S | 1 +
>  xen/arch/arm/arm32/traps.c | 5 +++++
>  2 files changed, 6 insertions(+)
> 
> diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
> index c6490d2847..c2fad5fe9b 100644
> --- a/xen/arch/arm/arm32/entry.S
> +++ b/xen/arch/arm/arm32/entry.S
> @@ -146,6 +146,7 @@ GLOBAL(hyp_traps_vector)
>          b trap_irq                      /* 0x18 - IRQ */
>          b trap_fiq                      /* 0x1c - FIQ */
>  
> +DEFINE_TRAP_ENTRY(reset)

This is OK, but shouldn't we also change the entry under
GLOBAL(hyp_traps_vector), from ".word 0" to "b trap_reset" ?


>  DEFINE_TRAP_ENTRY(undefined_instruction)
>  DEFINE_TRAP_ENTRY(hypervisor_call)
>  DEFINE_TRAP_ENTRY(prefetch_abort)
> diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c
> index 705255883e..4f27543dec 100644
> --- a/xen/arch/arm/arm32/traps.c
> +++ b/xen/arch/arm/arm32/traps.c
> @@ -23,6 +23,11 @@
>  
>  #include <asm/processor.h>
>  
> +void do_trap_reset(struct cpu_user_regs *regs)
> +{
> +    do_unexpected_trap("Reset", regs);
> +}
> +
>  void do_trap_undefined_instruction(struct cpu_user_regs *regs)
>  {
>      uint32_t pc = regs->pc;
> -- 
> 2.11.0
>
Julien Grall Jan. 25, 2018, 11:24 a.m. | #2
Hi Stefano,

On 24/01/18 23:14, Stefano Stabellini wrote:
> On Fri, 19 Jan 2018, Julien Grall wrote:
>> At the moment, the reset vector is defined as .word 0 (e.g andeq r0, r0,
>> r0).
>>
>> This is rather unintuitive and will result to execute the trap
>> undefined. Instead introduce trap helpers for reset and will generate an
>> error message in the unlikely case that reset will be called.
>>
>> This is part of XSA-254.
>>
>> Signed-off-by: Julien Grall <julien.grall@linaro.org>
>> ---
>>   xen/arch/arm/arm32/entry.S | 1 +
>>   xen/arch/arm/arm32/traps.c | 5 +++++
>>   2 files changed, 6 insertions(+)
>>
>> diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
>> index c6490d2847..c2fad5fe9b 100644
>> --- a/xen/arch/arm/arm32/entry.S
>> +++ b/xen/arch/arm/arm32/entry.S
>> @@ -146,6 +146,7 @@ GLOBAL(hyp_traps_vector)
>>           b trap_irq                      /* 0x18 - IRQ */
>>           b trap_fiq                      /* 0x1c - FIQ */
>>   
>> +DEFINE_TRAP_ENTRY(reset)
> 
> This is OK, but shouldn't we also change the entry under
> GLOBAL(hyp_traps_vector), from ".word 0" to "b trap_reset" ?

That was my plan but forgot to do it :/ I will update the patch and 
resend it.

Cheers,

Patch

diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
index c6490d2847..c2fad5fe9b 100644
--- a/xen/arch/arm/arm32/entry.S
+++ b/xen/arch/arm/arm32/entry.S
@@ -146,6 +146,7 @@  GLOBAL(hyp_traps_vector)
         b trap_irq                      /* 0x18 - IRQ */
         b trap_fiq                      /* 0x1c - FIQ */
 
+DEFINE_TRAP_ENTRY(reset)
 DEFINE_TRAP_ENTRY(undefined_instruction)
 DEFINE_TRAP_ENTRY(hypervisor_call)
 DEFINE_TRAP_ENTRY(prefetch_abort)
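
Review bot: the vector table itself is not touched in entry.S; the single added line sits below the `b trap_fiq` slot, and the diffstat confirms one insertion in this file. The reset slot that the commit message describes as `.word 0` therefore still does not branch to the new entry, so trap_reset is defined but never reached from hyp_traps_vector. Change that slot to `b trap_reset`, with an offset comment in the same style as the `/* 0x18 - IRQ */` and `/* 0x1c - FIQ */` lines, so the handler added in traps.c actually runs.
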
diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c
index 705255883e..4f27543dec 100644
--- a/xen/arch/arm/arm32/traps.c
+++ b/xen/arch/arm/arm32/traps.c
@@ -23,6 +23,11 @@ 
 
 #include <asm/processor.h>
 
+void do_trap_reset(struct cpu_user_regs *regs)
+{
+    do_unexpected_trap("Reset", regs);
+}
+
 void do_trap_undefined_instruction(struct cpu_user_regs *regs)
 {
     uint32_t pc = regs->pc;
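
Review bot: do_trap_reset() is added as a non-static function, but the patch only touches entry.S and traps.c, so no prototype is added alongside it. If the other do_trap_* handlers are declared in a header, declare this one there too. A one-line comment above the function saying that the reset vector is never expected to be taken would also explain why it goes straight to do_unexpected_trap("Reset", regs).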