@@ -2363,6 +2363,13 @@ done:
if (first) unmap_domain_page(first);
}
+static inline paddr_t get_faulting_ipa(void)
+{
+ register_t hpfar = READ_SYSREG(HPFAR_EL2);
+
+ return ((paddr_t)(hpfar & HPFAR_MASK) << (12 - 4));
+}
+
static void do_trap_instr_abort_guest(struct cpu_user_regs *regs,
const union hsr hsr)
{
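Review bot: get_faulting_ipa() has no comment, and the `<< (12 - 4)` at L8 only reads correctly to someone who already knows the HPFAR_EL2 layout; the hunk should record where the bits sit and why the shift is 8. I would put above the function: `/* HPFAR_EL2 holds IPA[47:12] (arm32: IPA[39:12]) in bits [39:4] (arm32: [31:4]), not at their natural position: mask the reserved bits, then shift left by 12 - 4 to rebuild the page-aligned IPA. */`. It is also worth saying in that comment that the result is always 4K-aligned, since bits [11:0] of the IPA are not recoverable from this register, so callers that need a byte-precise address must supply the low bits themselves. The helper is complete in the hunk; do_trap_instr_abort_guest starts at L11 and continues outside it.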
@@ -2381,7 +2388,7 @@ static void do_trap_instr_abort_guest(struct cpu_user_regs *regs,
};
if ( hsr.iabt.s1ptw )
- gpa = READ_SYSREG(HPFAR_EL2);
+ gpa = get_faulting_ipa();
else
{
/*
@@ -2431,7 +2438,7 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs,
#endif
if ( dabt.s1ptw )
- info.gpa = READ_SYSREG(HPFAR_EL2);
+ info.gpa = get_faulting_ipa();
else
{
rc = gva_to_ipa(info.gva, &info.gpa, GV2M_READ);
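Review bot: The corrected IPA is only used when `dabt.s1ptw` is set (L24); every other stage-2 data abort still takes the `else` branch and reconstructs the IPA with a software walk, `rc = gva_to_ipa(info.gva, &info.gpa, GV2M_READ)` at L29. As far as I recall the architecture, HPFAR_EL2 is also valid for stage-2 translation, access-flag and permission faults, so for those the walk is redundant and, because it reads the guest's stage-1 tables after the fault was taken, it can hand memaccess a different IPA than the one that faulted if another vCPU remaps the VA in between. I would extend the condition to take the hardware value whenever the decoded fault status code says HPFAR_EL2 is valid, roughly `if ( dabt.s1ptw || <stage-2 FSC check> ) info.gpa = get_faulting_ipa();`, and keep gva_to_ipa() only for the remaining cases. The FSC decoding, the handling of `rc` and the rest of do_trap_data_abort_guest lie outside the hunk, so I cannot see from here whether a failed walk is already rejected.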
@@ -565,6 +565,13 @@ union hsr {
#define FSC_LL_MASK (_AC(0x03,U)<<0)
+/* HPFAR_EL2: Hypervisor IPA Fault Address Register */
+#ifdef CONFIG_ARM_64
+#define HPFAR_MASK GENMASK(39, 4)
+#else
+#define HPFAR_MASK GENMASK(31, 4)
+#endif
+
/* Time counter hypervisor control register */
#define CNTHCTL_EL2_EL1PCTEN (1u<<0) /* Kernel/user access to physical counter */
#define CNTHCTL_EL2_EL1PCEN (1u<<1) /* Kernel/user access to CNTP timer regs */
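Review bot: The comment at L32 names the register but not the layout the mask encodes, so `GENMASK(39, 4)` and `GENMASK(31, 4)` read as magic, and the matching shift lives in another file where a reader cannot check one against the other. I would extend it to: `/* HPFAR_EL2: Hypervisor IPA Fault Address Register. Bits [39:4] (arm32: [31:4]) hold IPA[47:12] (arm32: IPA[39:12]); everything else is reserved and must be masked off before the value is shifted back into place. */`. Defining the shift next to the mask, e.g. `#define HPFAR_SHIFT 8`, and using it in traps.c would keep both halves of the layout in one place. If later architecture revisions define bits above 39 (I believe a later AArch64 revision adds an NS bit at 63), the mask already drops them, which is the safe default for an IPA, but a word about that in the comment would stop someone widening the mask later.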
The register HPFAR_EL2 (resp. HPFAR on arm32) contains bits [47:12] (resp. [39:12]) of the faulting IPA. Unlike other registers that hold an address, these IPA bits are stored in register bits [39:4] (resp. [31:4]), i.e. shifted right by 8 from their natural position. However, Xen assumed that the register contains the faulting IPA already correctly positioned, which yields a wrong IPA when the fault happens during a stage-1 translation table walk. Note this only affects memaccess. Introduce a new helper to get the faulting IPA from HPFAR_EL2 and replace the direct reads of the register with the helper. Signed-off-by: Julien Grall <julien.grall@arm.com> --- Cc: tamas@tklengyel.com This is a bug fix for Xen 4.7 and should also be backported to Xen 4.6. Without this patch, the faulting IPA reported to memaccess may be wrong. --- xen/arch/arm/traps.c | 11 +++++++++-- xen/include/asm-arm/processor.h | 7 +++++++ 2 files changed, 16 insertions(+), 2 deletions(-)