
[v2,1/3] xen/arm: Don't emulate the MMIO access if the instruction syndrome is invalid

Message ID 1374765692-31370-2-git-send-email-julien.grall@linaro.org
State Accepted, archived

Commit Message

Julien Grall July 25, 2013, 3:21 p.m. UTC
When the instruction syndrome is not valid, the transfer register is unknown.
If this register is used in the emulation code (it's the case for the VGIC),
Xen can retrieve wrong data.

For safety, consider invalid instruction syndrome as wrong memory access.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
 xen/arch/arm/traps.c |    4 ++++
 1 file changed, 4 insertions(+)

Comments

Ian Campbell July 29, 2013, 3:57 p.m. UTC | #1
On Thu, 2013-07-25 at 16:21 +0100, Julien Grall wrote:
> When the instruction syndrome is not valid, the transfer register is unknown.
> If this register is used in the emulation code (it's the case for the VGIC),
> Xen can retrieve wrong data.
> 
> For safety, consider invalid instruction syndrome as wrong memory access.
> 
> Signed-off-by: Julien Grall <julien.grall@linaro.org>
> Acked-by: Ian Campbell <ian.campbell@citrix.com>

Applied, thanks.

Patch

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index bbd60aa..d6dc37d 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -1017,6 +1017,10 @@  static void do_trap_data_abort_guest(struct cpu_user_regs *regs,
     if ( rc == -EFAULT )
         goto bad_data_abort;
 
+    /* XXX: Decode the instruction if ISS is not valid */
+    if ( !dabt.valid )
+        goto bad_data_abort;
+
     if (handle_mmio(&info))
     {
         regs->pc += dabt.len ? 4 : 2;
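
Review bot: the comment on the new `if ( !dabt.valid )` check records only the TODO ("Decode the instruction if ISS is not valid") and not the reason the access is rejected. The commit message gives that reason: with an invalid syndrome the transfer register is unknown, and emulation code such as the VGIC would read wrong data. Please put that in the comment so the check is not later dropped as redundant. Because the test sits ahead of `handle_mmio(&info)`, every guest data abort with an invalid syndrome now goes to `bad_data_abort`, whether or not a handler would have used the register; a debug message on this path would make it easier to tell such guests apart from genuinely bad accesses.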