From patchwork Tue Sep 9 16:23:05 2014
X-Patchwork-Submitter: Ian Campbell
X-Patchwork-Id: 37137
From: Ian Campbell
Date: Tue, 9 Sep 2014 17:23:05 +0100
Message-ID: <1410279788-27167-6-git-send-email-ian.campbell@citrix.com>
In-Reply-To: <1410279730.8217.238.camel@kazak.uk.xensource.com>
References: <1410279730.8217.238.camel@kazak.uk.xensource.com>
Cc: julien.grall@linaro.org, tim@xen.org, Ian Campbell, stefano.stabellini@eu.citrix.com
Subject: [Xen-devel] [PATCH 6/9] xen: arm: Handle CP14 32-bit register accesses from userspace

Accesses to these from 32-bit userspace would cause a hypervisor
exception (host crash) when running a 64-bit kernel, which is worked
around by the fix to XSA-102. On 32-bit kernels they would be
implemented as RAZ/WI which is incorrect but harmless.

Update as follows:
- DBGDSCRINT should be R/O.
- DBGDSCREXT should be EL1 only.
- DBGOSLAR is RO and EL1 only.
- DBGVCR, DBGB[VC]R*, DBGW[VC]R*, and DBGOSDLR are EL1 only.

DBGDIDR and DBGDSCRINT are accessible from EL0 if
DBGDSCRext.UDCCdis. Since we emulate that as RAZ/WI we allow access.

When we do not allow an access we now silently inject an undef even in
debug mode since the debugging messages are not helpful (we have
handled the access, by explicitly choosing not to).

Signed-off-by: Ian Campbell --- xen/arch/arm/traps.c | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index e7a2791..01cc3c0 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1600,10 +1600,12 @@ static void do_cp14_32(struct cpu_user_regs *regs, union hsr hsr) switch ( hsr.bits & HSR_CP32_REGS_MASK ) { case HSR_CPREG32(DBGDIDR): - - /* Read-only register */ + /* + * Read-only register. Accessible by EL0 if DBGDSCRext.UDCCdis + * is set to 0, which we emulated below. + */ if ( !cp32.read ) - goto bad_cp; + goto undef_cp14_32; /* Implement the minimum requirements: * - Number of watchpoints: 1 @@ -1616,15 +1618,24 @@ static void do_cp14_32(struct cpu_user_regs *regs, union hsr hsr) break; case HSR_CPREG32(DBGDSCRINT): + if ( !cp32.read ) + goto undef_cp14_32; + + *r = 0; + break; + case HSR_CPREG32(DBGDSCREXT): + if ( usr_mode(regs) ) + goto undef_cp14_32; + /* Implement debug status and control register as RAZ/WI. * The OS won't use Hardware debug if MDBGen not set */ if ( cp32.read ) *r = 0; break; + case HSR_CPREG32(DBGVCR): - case HSR_CPREG32(DBGOSLAR): case HSR_CPREG32(DBGBVR0): case HSR_CPREG32(DBGBCR0): case HSR_CPREG32(DBGWVR0): @@ -1632,13 +1643,22 @@ static void do_cp14_32(struct cpu_user_regs *regs, union hsr hsr) case HSR_CPREG32(DBGBVR1): case HSR_CPREG32(DBGBCR1): case HSR_CPREG32(DBGOSDLR): + if ( usr_mode(regs) ) + goto undef_cp14_32; /* RAZ/WI */ if ( cp32.read ) *r = 0; break; + case HSR_CPREG32(DBGOSLAR): + if ( usr_mode(regs) ) + goto undef_cp14_32; + /* WO */ + if ( cp32.read ) + goto undef_cp14_32; + /* else: ignore */ + break; default: -bad_cp: #ifndef NDEBUG gdprintk(XENLOG_ERR, "%s p14, %d, r%d, cr%d, cr%d, %d @ 0x%"PRIregister"\n", @@ -1647,6 +1667,7 @@ bad_cp: gdprintk(XENLOG_ERR, "unhandled 32-bit cp14 access %#x\n", hsr.bits & HSR_CP32_REGS_MASK); #endif +undef_cp14_32: inject_undef_exception(regs, hsr.len); return; } 
@@ -1939,8 +1960,7 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs) do_cp15_64(regs, hsr); break; case HSR_EC_CP14_32: - if ( !is_32bit_domain(current->domain) ) - goto bad_trap; + BUG_ON(!psr_mode_is_32bit(regs->cpsr)); do_cp14_32(regs, hsr); break; case HSR_EC_CP14_DBG:
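
Review bot: In the DBGDIDR case of the first hunk the new comment says "which we emulated below", but what makes the EL0 access legal is the DBGDSCREXT case further down returning zero on reads. Name it explicitly, for example "which we emulate as RAZ/WI in the DBGDSCREXT case below", so that a later change to the DBGDSCREXT emulation is seen to affect the EL0 permission here as well.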
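
Review bot: The new DBGDSCRINT case in the second hunk lets EL0 read the register and carries no comment, while DBGDSCREXT directly below it gains a usr_mode(regs) check. The commit message explains that DBGDSCRINT is reachable from EL0 because of the emulated DBGDSCRext.UDCCdis value; put that reasoning in a comment above "if ( !cp32.read )", as was done for DBGDIDR, so the absent usr_mode() check does not read as an oversight.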
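
Review bot: The new DBGOSLAR case in the third hunk is marked /* WO */ and sends reads to undef_cp14_32, but the commit message lists DBGOSLAR as "RO and EL1 only"; the two disagree and, going by the code, the commit message should say WO. The two checks can also be folded into one, "if ( usr_mode(regs) || cp32.read ) goto undef_cp14_32;", which keeps this case the same shape as the others.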
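
Review bot: In the fourth hunk undef_cp14_32 is placed after the #endif in the default arm, so every case that jumps to it skips both gdprintk calls while an unknown register still logs. That matches the commit message, but a one-line comment at the label saying it is the quiet path for accesses that were deliberately refused would keep someone from moving it back above the "#ifndef NDEBUG" block.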
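
Review bot: In the do_trap_hypervisor hunk the HSR_EC_CP14_32 arm now uses "BUG_ON(!psr_mode_is_32bit(regs->cpsr));", which brings the host down if the assumption about the trapping context is ever false, and the commit message does not mention this change at all. Add a comment stating why this exception class can only be taken from a 32-bit mode, and say in the commit message that the check moved from the domain type (is_32bit_domain) to the mode in cpsr, apparently so that 32-bit userspace under a 64-bit kernel reaches do_cp14_32.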