From patchwork Thu Feb 1 18:47:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 126577 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp1971680ljc; Thu, 1 Feb 2018 10:50:35 -0800 (PST) X-Google-Smtp-Source: AH8x226PTpa5atDR8zprQ+Ch8tL/Uwc1oIm6F3fzlIddy32rh4/4N3JA7IcIaeWhLNnluE9P2fBo X-Received: by 10.107.242.14 with SMTP id q14mr18614593ioh.211.1517511035262; Thu, 01 Feb 2018 10:50:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517511035; cv=none; d=google.com; s=arc-20160816; b=D83YvcNzd10Co0jgsEmfKxU4XwGvFZISpE+9qgxRfnjxf4lseId9yedXjEZAueMW5Y 2gJUkNyqNynHifSVKCTI7AyabeHKidnSHBLW+4pTPaVCa9+IfOMMAf/sRUIU/BV6TV3y BPiOmDC1L3k2Vy8jDyTyC2hHKi5TqDBYGiMt1rNITDz5gHMl1wQmygCZ3pX0f/ylnqkd shMYxXv9cIjGBtgVcgp2Recfc6SNRsiF2KDO5QhWo1wOL+nqyy+6Ig9FSOHMQTNvZTr3 zYdNgc699oTFhRSjwkR8FGk49abpgG4yCzOBX575wactEqFWH+wykNiCAsEq+th9IA2o 4sSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:references:in-reply-to:message-id:date:to :from:arc-authentication-results; bh=iP6VaKHTpj5MyZdn7ms4GYD+UQxuuKtXFlGdwlBg4HE=; b=oayFOHOTbRt3IR8hFCmBdufgj2VssgsBroGE6k2PWU3IMkLS3YDZFE7oSOzUUs+Hkj 6I1Ssilv2EaZesFHx3cCLfkXwFsS+jCjFGKALOdTBsgWTrzoimKbCec/4Ijj1DWdnFjm ahSPCuY2vm4DjCJa7PiV82YlZazX48R50k/nZrhsKlrTj4ZBMv9wPKNcEvpQBE5y9/63 YL3bEPorKS21HhbKaDnjKWZRFxEjueQxlEt5UpKy7AluDAV8uHDPuYWTQpURZEblhck+ NmdRzXs6A0bjIsN/3w2rGz676gxornHL7cqrFFkruUFQmqDYRlK0OmoNmS1tw6biPmAP JC6w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id l125si152728iof.131.2018.02.01.10.50.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 01 Feb 2018 10:50:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ehJu5-0007Vn-3q; Thu, 01 Feb 2018 18:48:09 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ehJu4-0007UY-7n for xen-devel@lists.xen.org; Thu, 01 Feb 2018 18:48:08 +0000 X-Inumbo-ID: 81d0e93b-0780-11e8-b9b1-635ca7ef6cff Received: from foss.arm.com (unknown [217.140.101.70]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTP id 81d0e93b-0780-11e8-b9b1-635ca7ef6cff; Thu, 01 Feb 2018 18:48:35 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C3B2A15AB; Thu, 1 Feb 2018 10:48:01 -0800 (PST) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.206.53]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B4BE23F25C; Thu, 1 Feb 2018 10:48:00 -0800 (PST) From: Julien Grall To: xen-devel@lists.xen.org Date: Thu, 1 Feb 2018 18:47:47 +0000 Message-Id: <20180201184749.29430-2-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180201184749.29430-1-julien.grall@arm.com> References: <20180201184749.29430-1-julien.grall@arm.com> Cc: andrew.cooper3@citrix.com, Julien Grall , sstabellini@kernel.org, andre.przywara@linaro.org Subject: [Xen-devel] [PATCH v2 1/3] xen/arm: io: Distinguish unhandled IO from aborted one X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Currently, Xen is considering that an IO could either be handled or unhandled. When unhandled, the stage-2 abort function will try another way to resolve the abort. However, the MMIO emulation may return unhandled when the address belongs to an emulated range but was not correct. In that case, Xen should avoid to try another way and directly inject a guest data abort. Introduce a tri-state return to distinguish the following state: * IO_ABORT: The IO was handled but resulted in an abort * IO_HANDLED: The IO was handled * IO_UNHANDLED: The IO was unhandled For now, it is considered that an IO belonging to an emulated range could either be handled or inject an abort. This could be revisit in the future if overlapped region exist (or we want to try another way to resolve the abort). Signed-off-by: Julien Grall --- Changes in v2: - Always return IO_ABORT when the check failed because we know it was targeted emulated IO. - Fix typoes --- xen/arch/arm/io.c | 32 ++++++++++++++++++-------------- xen/arch/arm/traps.c | 18 +++++++++++++++--- xen/include/asm-arm/mmio.h | 13 ++++++++++--- 3 files changed, 43 insertions(+), 20 deletions(-) diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index c3e9239ffe..1f4cb8f37d 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -26,8 +26,9 @@ #include "decode.h" -static int handle_read(const struct mmio_handler *handler, struct vcpu *v, - mmio_info_t *info) +static enum io_state handle_read(const struct mmio_handler *handler, + struct vcpu *v, + mmio_info_t *info) { const struct hsr_dabt dabt = info->dabt; struct cpu_user_regs *regs = guest_cpu_user_regs(); @@ -40,7 +41,7 @@ static int handle_read(const struct mmio_handler *handler, struct vcpu *v, uint8_t size = (1 << dabt.size) * 8; if ( !handler->ops->read(v, info, &r, handler->priv) ) - return 0; + return IO_ABORT; /* * Sign extend if required. @@ -60,17 +61,20 @@ static int handle_read(const struct mmio_handler *handler, struct vcpu *v, set_user_reg(regs, dabt.reg, r); - return 1; + return IO_HANDLED; } -static int handle_write(const struct mmio_handler *handler, struct vcpu *v, - mmio_info_t *info) +static enum io_state handle_write(const struct mmio_handler *handler, + struct vcpu *v, + mmio_info_t *info) { const struct hsr_dabt dabt = info->dabt; struct cpu_user_regs *regs = guest_cpu_user_regs(); + int ret; - return handler->ops->write(v, info, get_user_reg(regs, dabt.reg), - handler->priv); + ret = handler->ops->write(v, info, get_user_reg(regs, dabt.reg), + handler->priv); + return ( ret ) ? IO_HANDLED : IO_ABORT; } /* This function assumes that mmio regions are not overlapped */ @@ -103,9 +107,9 @@ static const struct mmio_handler *find_mmio_handler(struct domain *d, return handler; } -int try_handle_mmio(struct cpu_user_regs *regs, - const union hsr hsr, - paddr_t gpa) +enum io_state try_handle_mmio(struct cpu_user_regs *regs, + const union hsr hsr, + paddr_t gpa) { struct vcpu *v = current; const struct mmio_handler *handler = NULL; @@ -119,11 +123,11 @@ int try_handle_mmio(struct cpu_user_regs *regs, handler = find_mmio_handler(v->domain, info.gpa); if ( !handler ) - return 0; + return IO_UNHANDLED; /* All the instructions used on emulated MMIO region should be valid */ if ( !dabt.valid ) - return 0; + return IO_ABORT; /* * Erratum 766422: Thumb store translation fault to Hypervisor may @@ -138,7 +142,7 @@ int try_handle_mmio(struct cpu_user_regs *regs, if ( rc ) { gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); - return 0; + return IO_ABORT; } } diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 2f8d790bb3..1e85f99ec1 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1964,10 +1964,21 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, * * Note that emulated region cannot be executed */ - if ( is_data && try_handle_mmio(regs, hsr, gpa) ) + if ( is_data ) { - advance_pc(regs, hsr); - return; + enum io_state state = try_handle_mmio(regs, hsr, gpa); + + switch ( state ) + { + case IO_ABORT: + goto inject_abt; + case IO_HANDLED: + advance_pc(regs, hsr); + return; + case IO_UNHANDLED: + /* IO unhandled, try another way to handle it. */ + break; + } } /* @@ -1988,6 +1999,7 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, hsr.bits, xabt.fsc); } +inject_abt: gdprintk(XENLOG_DEBUG, "HSR=0x%x pc=%#"PRIregister" gva=%#"PRIvaddr " gpa=%#"PRIpaddr"\n", hsr.bits, regs->pc, gva, gpa); if ( is_data ) diff --git a/xen/include/asm-arm/mmio.h b/xen/include/asm-arm/mmio.h index c941073257..c8dadb5006 100644 --- a/xen/include/asm-arm/mmio.h +++ b/xen/include/asm-arm/mmio.h @@ -32,6 +32,13 @@ typedef struct paddr_t gpa; } mmio_info_t; +enum io_state +{ + IO_ABORT, /* The IO was handled by the helper and led to an abort. */ + IO_HANDLED, /* The IO was successfully handled by the helper. */ + IO_UNHANDLED, /* The IO was not handled by the helper. */ +}; + typedef int (*mmio_read_t)(struct vcpu *v, mmio_info_t *info, register_t *r, void *priv); typedef int (*mmio_write_t)(struct vcpu *v, mmio_info_t *info, @@ -56,9 +63,9 @@ struct vmmio { struct mmio_handler *handlers; }; -int try_handle_mmio(struct cpu_user_regs *regs, - const union hsr hsr, - paddr_t gpa); +enum io_state try_handle_mmio(struct cpu_user_regs *regs, + const union hsr hsr, + paddr_t gpa); void register_mmio_handler(struct domain *d, const struct mmio_handler_ops *ops, paddr_t addr, paddr_t size, void *priv); From patchwork Thu Feb 1 18:47:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 126576 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp1971632ljc; Thu, 1 Feb 2018 10:50:30 -0800 (PST) X-Google-Smtp-Source: AH8x224Y2gtsjV5iwGBVfEw1mF/qkHtCIxlvcykwygYIcFudMdle1TkuKQ4lwo42HmynG55O2e1k X-Received: by 10.107.62.198 with SMTP id l189mr39313544ioa.231.1517511030552; Thu, 01 Feb 2018 10:50:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517511030; cv=none; d=google.com; s=arc-20160816; b=N/6spl2O+lYaR6RwQxdGCqEU0jfDtRNH/fsBKVCPoqNtoN6ENQY6FYuei4bjxM6/GI nVaRUKMkv2tk86YhT8pBSd1EAvdhdobXRotRWHkYPpI7egRIuo5kQey4abU/TjluJjuu nRqVB6k+qJzAcxlSxcoQUNM72WWRONkh6DFeJzqEFgeoQr+RkJbursgVHDPdPQhvNhj8 Yg6Xy31X6TYYVpACWqMOGXjPQuJGjDxiAjfb19FwUwe3QQAz2N+tiKYfRGGwUIyBo2CV u7w8mkDT/u80irfCe/M5NCR5xBR/jLQfg9R10zTsM2qk1Vj+K6q5+dWO2RnYM+6+4SIg JGcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:references:in-reply-to:message-id:date:to :from:arc-authentication-results; bh=aWC6toSZdaDt9uQgM2ZziwhbZEfaOKro5DQgIj3yBqQ=; b=nOLD6dWjKUZcmnTQ56pTj1RJZohq/wfOjIDHqlzpBdSgV35ConIznf3UKIUgJ+PrFZ Za+Ri5ReU3yICMaPw+vx0rI/ad4tqVl62r623tgeNl1tH0NdW2+QzCn2A2/CLoVd+51o Wiyo5PAYNngjQuIG/qErPCK+s3d8Y2aK/YGM6GR4Ohe1qx3AvSp+2wx9DNLs/38dlAtx hncDKyygpnDDPNq9kfB7wq9Sy9mqeQ3Jl8F5/5+piKx2I9lSLpLfSrgjlEsEfTuIdsDM Iuc0382RKoP7WXRs9POnAb+/a2odfAVpdPAo44vhIJuNnmpeajvi/rEdwmmK+dL+J7J9 wcmQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id f193si495450itd.38.2018.02.01.10.50.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 01 Feb 2018 10:50:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ehJu6-0007W9-Gw; Thu, 01 Feb 2018 18:48:10 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ehJu5-0007UZ-1V for xen-devel@lists.xen.org; Thu, 01 Feb 2018 18:48:09 +0000 X-Inumbo-ID: 82961958-0780-11e8-b9b1-635ca7ef6cff Received: from foss.arm.com (unknown [217.140.101.70]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTP id 82961958-0780-11e8-b9b1-635ca7ef6cff; Thu, 01 Feb 2018 18:48:36 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1D87215BE; Thu, 1 Feb 2018 10:48:03 -0800 (PST) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.206.53]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 0E4053F25C; Thu, 1 Feb 2018 10:48:01 -0800 (PST) From: Julien Grall To: xen-devel@lists.xen.org Date: Thu, 1 Feb 2018 18:47:48 +0000 Message-Id: <20180201184749.29430-3-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180201184749.29430-1-julien.grall@arm.com> References: <20180201184749.29430-1-julien.grall@arm.com> Cc: andrew.cooper3@citrix.com, Julien Grall , sstabellini@kernel.org, andre.przywara@linaro.org Subject: [Xen-devel] [PATCH v2 2/3] xen/arm: Don't crash domain on bad MMIO emulation X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Now the MMIO emulation is able to distinguish unhandled IO from aborted one, there are no need to crash the domain when the region is access with a bad width. Instead let Xen inject a data abort to the guest and decide what to do. Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- Changes in v2 - Add Stefano's reviewed-by --- xen/arch/arm/vgic-v2.c | 2 -- xen/arch/arm/vgic-v3-its.c | 3 --- xen/arch/arm/vgic-v3.c | 8 -------- xen/arch/arm/vpl011.c | 2 -- 4 files changed, 15 deletions(-) diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c index 2bdb25261a..646d1f3d12 100644 --- a/xen/arch/arm/vgic-v2.c +++ b/xen/arch/arm/vgic-v2.c @@ -348,7 +348,6 @@ static int vgic_v2_distr_mmio_read(struct vcpu *v, mmio_info_t *info, bad_width: printk(XENLOG_G_ERR "%pv: vGICD: bad read width %d r%d offset %#08x\n", v, dabt.size, dabt.reg, gicd_reg); - domain_crash_synchronous(); return 0; read_as_zero_32: @@ -613,7 +612,6 @@ bad_width: printk(XENLOG_G_ERR "%pv: vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n", v, dabt.size, dabt.reg, r, gicd_reg); - domain_crash_synchronous(); return 0; write_ignore_32: diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c index d8fa44258d..32061c6b03 100644 --- a/xen/arch/arm/vgic-v3-its.c +++ b/xen/arch/arm/vgic-v3-its.c @@ -1136,7 +1136,6 @@ read_reserved: bad_width: printk(XENLOG_G_ERR "vGITS: bad read width %d r%d offset %#04lx\n", info->dabt.size, info->dabt.reg, (unsigned long)info->gpa & 0xffff); - domain_crash_synchronous(); return 0; } @@ -1446,8 +1445,6 @@ bad_width: printk(XENLOG_G_ERR "vGITS: bad write width %d r%d offset %#08lx\n", info->dabt.size, info->dabt.reg, (unsigned long)info->gpa & 0xffff); - domain_crash_synchronous(); - return 0; } diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c index af16dfd005..2ad8a6be62 100644 --- a/xen/arch/arm/vgic-v3.c +++ b/xen/arch/arm/vgic-v3.c @@ -328,7 +328,6 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info, bad_width: printk(XENLOG_G_ERR "%pv vGICR: bad read width %d r%d offset %#08x\n", v, dabt.size, dabt.reg, gicr_reg); - domain_crash_synchronous(); return 0; read_as_zero_64: @@ -648,7 +647,6 @@ bad_width: printk(XENLOG_G_ERR "%pv: vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n", v, dabt.size, dabt.reg, r, gicr_reg); - domain_crash_synchronous(); return 0; write_ignore_64: @@ -760,7 +758,6 @@ static int __vgic_v3_distr_common_mmio_read(const char *name, struct vcpu *v, bad_width: printk(XENLOG_G_ERR "%pv: %s: bad read width %d r%d offset %#08x\n", v, name, dabt.size, dabt.reg, reg); - domain_crash_synchronous(); return 0; read_as_zero: @@ -876,7 +873,6 @@ bad_width: printk(XENLOG_G_ERR "%pv: %s: bad write width %d r%d=%"PRIregister" offset %#08x\n", v, name, dabt.size, dabt.reg, r, reg); - domain_crash_synchronous(); return 0; write_ignore_32: @@ -937,7 +933,6 @@ static int vgic_v3_rdistr_sgi_mmio_read(struct vcpu *v, mmio_info_t *info, bad_width: printk(XENLOG_G_ERR "%pv: vGICR: SGI: bad read width %d r%d offset %#08x\n", v, dabt.size, dabt.reg, gicr_reg); - domain_crash_synchronous(); return 0; read_as_zero_32: @@ -1017,7 +1012,6 @@ bad_width: printk(XENLOG_G_ERR "%pv: vGICR: SGI: bad write width %d r%d=%"PRIregister" offset %#08x\n", v, dabt.size, dabt.reg, r, gicr_reg); - domain_crash_synchronous(); return 0; write_ignore_32: @@ -1268,7 +1262,6 @@ static int vgic_v3_distr_mmio_read(struct vcpu *v, mmio_info_t *info, bad_width: printk(XENLOG_G_ERR "%pv: vGICD: bad read width %d r%d offset %#08x\n", v, dabt.size, dabt.reg, gicd_reg); - domain_crash_synchronous(); return 0; read_as_zero_32: @@ -1456,7 +1449,6 @@ bad_width: printk(XENLOG_G_ERR "%pv: vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n", v, dabt.size, dabt.reg, r, gicd_reg); - domain_crash_synchronous(); return 0; write_ignore_32: diff --git a/xen/arch/arm/vpl011.c b/xen/arch/arm/vpl011.c index 725b2e03ad..7788c2fc32 100644 --- a/xen/arch/arm/vpl011.c +++ b/xen/arch/arm/vpl011.c @@ -296,7 +296,6 @@ static int vpl011_mmio_read(struct vcpu *v, bad_width: gprintk(XENLOG_ERR, "vpl011: bad read width %d r%d offset %#08x\n", dabt.size, dabt.reg, vpl011_reg); - domain_crash_synchronous(); return 0; } @@ -366,7 +365,6 @@ write_ignore: bad_width: gprintk(XENLOG_ERR, "vpl011: bad write width %d r%d offset %#08x\n", dabt.size, dabt.reg, vpl011_reg); - domain_crash_synchronous(); return 0; } From patchwork Thu Feb 1 18:47:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 126578 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp1971731ljc; Thu, 1 Feb 2018 10:50:40 -0800 (PST) X-Google-Smtp-Source: AH8x225tUgrYjUets7YxH8iphspPPwlegb8oESrhs2bSa+PMxIKGLcXEWsOr6qPETqzg+JsGYK/Z X-Received: by 10.36.250.193 with SMTP id v184mr13099420ith.64.1517511040196; Thu, 01 Feb 2018 10:50:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517511040; cv=none; d=google.com; s=arc-20160816; b=HbKMZn2HvqWx0jiIXwO4sQTwq6kpd+hZ8/xjTwC5Zd0s94hJPHMGJG4Iy+xQ/fN5nQ +PgMeoKbnO1VLppE0rIfHk1UuiDrLO/Emv/3U/79sVpmeiJqPkqwWdzjdDUGPHKhzYgO uHyqaKtyi1OTxyS/zhLzAprMVxfoaVdj3A/zpfg+/RwyUM3HCPrBlPmmCMM0O98+wvA2 JQoI9su/di64OZFuscDaMPnI0/WZ9CktTZJOZo0IE08oT6/newCizPmQVnhRlYAG3k/g JNKmvGIG7qEIzafByuQShsX1BQJbBCw320d14rz6ONY8STjiaruhJzk6Be3o3m8RLVsR RK8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:references:in-reply-to:message-id:date:to :from:arc-authentication-results; bh=fx8gO0NkYIsJIipHW+OVWUluFn6+eU6welLReTQpWRM=; b=k8vZRkiz2CBloFdTNyqd4wnmEM4Guwy/JS4PYHOHjMK99YS5AD7EGmcoW+x0hFwpd7 ahsKA6zFJEOSdusHxCPucf5dyMqB5XsRIvvVZf2bbzb6edASw2klxTKtMl8bHYXWAOpQ ANpHL83dvItS5TU8zPtbAagdXMuO3U9ZwgYy/UVSgT5yqQDBcL7gp0yjARDBoiELo8rS 2MRMRoHRIvYtAfrgZ4Loe/nlP/mEwN1lqdvSq6mVISfJKVlPqo+DLIJaBMiEG4fzCaGl XfI1IlooyI189R2Ikfp969bDAv7+ZkvMHzCA1oULgs1PDHmSu7CfkJcMyoAeB2MxN8It wMeg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id m203si432535itd.164.2018.02.01.10.50.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 01 Feb 2018 10:50:40 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ehJu2-0007Ug-Tf; Thu, 01 Feb 2018 18:48:06 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ehJu2-0007Ua-2r for xen-devel@lists.xen.org; Thu, 01 Feb 2018 18:48:06 +0000 X-Inumbo-ID: 6620fbdf-0780-11e8-ba59-bc764e045a96 Received: from foss.arm.com (unknown [217.140.101.70]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTP id 6620fbdf-0780-11e8-ba59-bc764e045a96; Thu, 01 Feb 2018 19:47:48 +0100 (CET) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6BFEB1435; Thu, 1 Feb 2018 10:48:04 -0800 (PST) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.206.53]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5C2563F25C; Thu, 1 Feb 2018 10:48:03 -0800 (PST) From: Julien Grall To: xen-devel@lists.xen.org Date: Thu, 1 Feb 2018 18:47:49 +0000 Message-Id: <20180201184749.29430-4-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180201184749.29430-1-julien.grall@arm.com> References: <20180201184749.29430-1-julien.grall@arm.com> Cc: andrew.cooper3@citrix.com, Julien Grall , sstabellini@kernel.org, andre.przywara@linaro.org Subject: [Xen-devel] [PATCH v2 3/3] xen/arm: Don't crash the domain on invalid HVC immediate X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" domain_crash_synchronous() should only be used when something went wrong in Xen. It is better to inject to the guest as it will be in a better position to provide helpful information (stack trace...). Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- We potentially want to return -1 instead. This would make Xen more future-proof if we decide to implement the other HVC immediate. Changes in v2: - Add Stefano's reviewed-by --- xen/arch/arm/traps.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 1e85f99ec1..1cba7e584d 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1471,14 +1471,17 @@ static void do_debug_trap(struct cpu_user_regs *regs, unsigned int code) #endif static void do_trap_hypercall(struct cpu_user_regs *regs, register_t *nr, - unsigned long iss) + const union hsr hsr) { arm_hypercall_fn_t call = NULL; BUILD_BUG_ON(NR_hypercalls < ARRAY_SIZE(arm_hypercall_table) ); - if ( iss != XEN_HYPERCALL_TAG ) - domain_crash_synchronous(); + if ( hsr.iss != XEN_HYPERCALL_TAG ) + { + gprintk(XENLOG_WARNING, "Invalid HVC imm 0x%x\n", hsr.iss); + return inject_undef_exception(regs, hsr); + } if ( *nr >= ARRAY_SIZE(arm_hypercall_table) ) { @@ -2109,7 +2112,7 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) if ( hsr.iss == 0 ) return do_trap_hvc_smccc(regs); nr = regs->r12; - do_trap_hypercall(regs, &nr, hsr.iss); + do_trap_hypercall(regs, &nr, hsr); regs->r12 = (uint32_t)nr; break; } @@ -2123,7 +2126,7 @@ void do_trap_guest_sync(struct cpu_user_regs *regs) #endif if ( hsr.iss == 0 ) return do_trap_hvc_smccc(regs); - do_trap_hypercall(regs, ®s->x16, hsr.iss); + do_trap_hypercall(regs, ®s->x16, hsr); break; case HSR_EC_SMC64: /*