From patchwork Thu Sep 15 11:28:23 2016
X-Patchwork-Submitter: Julien Grall
X-Patchwork-Id: 76285
From: Julien Grall
To: xen-devel@lists.xen.org
Date: Thu, 15 Sep 2016 12:28:23 +0100
Message-Id: <1473938919-31976-8-git-send-email-julien.grall@arm.com>
In-Reply-To: <1473938919-31976-1-git-send-email-julien.grall@arm.com>
References: <1473938919-31976-1-git-send-email-julien.grall@arm.com>
Cc: proskurin@sec.in.tum.de, Julien Grall, sstabellini@kernel.org, steve.capper@arm.com, wei.chen@linaro.org
Subject: [Xen-devel] [for-4.8][PATCH v2 07/23] xen/arm: traps: Check the P2M before injecting a data/instruction abort

A data/instruction abort may have occurred if another CPU was playing
with the stage-2 page table when following the break-before-make
sequence (see D4.7.1 in ARM DDI 0487A.j). Rather than injecting directly
the fault to the guest, we need to check whether the mapping exists. If
it exists, return to the guest to replay the instruction.

Signed-off-by: Julien Grall

---
Changes in v2:
    - Remove spurious change
    - Fix typos
---
 xen/arch/arm/traps.c | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 76e4152..d73d29a 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -2405,6 +2405,7 @@ static void do_trap_instr_abort_guest(struct cpu_user_regs *regs, register_t gva = READ_SYSREG(FAR_EL2); uint8_t fsc = hsr.iabt.ifsc & ~FSC_LL_MASK; paddr_t gpa; + mfn_t mfn; if ( hpfar_is_valid(hsr.iabt.s1ptw, fsc) ) gpa = get_faulting_ipa(gva); 
@@ -2418,6 +2419,11 @@ static void do_trap_instr_abort_guest(struct cpu_user_regs *regs, */ flush_tlb_local(); + /* + * We may not be able to translate because someone is + * playing with the Stage-2 page table of the domain. + * Return to the guest. + */ rc = gva_to_ipa(gva, &gpa, GV2M_READ); if ( rc == -EFAULT ) return; /* Try again */ @@ -2438,8 +2444,17 @@ static void do_trap_instr_abort_guest(struct cpu_user_regs *regs, /* Trap was triggered by mem_access, work here is done */ if ( !rc ) return; + break; } - break; + case FSC_FLT_TRANS: + /* + * The PT walk may have failed because someone was playing + * with the Stage-2 page table. Walk the Stage-2 PT to check + * if the entry exists. If it's the case, return to the guest + */ + mfn = p2m_lookup(current->domain, _gfn(paddr_to_pfn(gpa)), NULL); + if ( !mfn_eq(mfn, INVALID_MFN) ) + return; } inject_iabt_exception(regs, gva, hsr.len); @@ -2484,6 +2499,7 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs, int rc; mmio_info_t info; uint8_t fsc = hsr.dabt.dfsc & ~FSC_LL_MASK; + mfn_t mfn; info.dabt = dabt; #ifdef CONFIG_ARM_32 @@ -2497,6 +2513,11 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs, else { rc = gva_to_ipa(info.gva, &info.gpa, GV2M_READ); + /* + * We may not be able to translate because someone is + * playing with the Stage-2 page table of the domain. + * Return to the guest. + */ if ( rc == -EFAULT ) return; /* Try again */ } 
@@ -2520,11 +2541,25 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs, break; } case FSC_FLT_TRANS: + /* + * Attempt first to emulate the MMIO as the data abort will + * likely happen in an emulated region. + */ if ( try_handle_mmio(regs, &info) ) { advance_pc(regs, hsr); return; } + + /* + * The PT walk may have failed because someone was playing + * with the Stage-2 page table. Walk the Stage-2 PT to check + * if the entry exists. If it's the case, return to the guest + */ + mfn = p2m_lookup(current->domain, _gfn(paddr_to_pfn(info.gpa)), NULL); + if ( !mfn_eq(mfn, INVALID_MFN) ) + return; + break; default: gprintk(XENLOG_WARNING, "Unsupported DFSC: HSR=%#x DFSC=%#x\n",
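
Review bot: In the hunk at @@ -2418,6 +2419,11 @@ (do_trap_instr_abort_guest) the new "Return to the guest." comment is placed above `rc = gva_to_ipa(gva, &gpa, GV2M_READ);`, whereas in the hunk at @@ -2497,6 +2513,11 @@ (do_trap_data_abort_guest) the same comment is placed between the call and `if ( rc == -EFAULT )`. The comment explains the early return rather than the translation call, so it reads best directly above the `if ( rc == -EFAULT )` check; please use the same placement in both handlers.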
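
Review bot: The new `case FSC_FLT_TRANS:` in the hunk at @@ -2438,8 +2444,17 @@ ends without a `break;` and reaches `inject_iabt_exception(regs, gva, hsr.len);` only because it is the last label before the closing brace of the switch. The data-abort counterpart in the hunk at @@ -2520,11 +2541,25 @@ does end its case with an explicit `break;`. Adding `break;` after the `if ( !mfn_eq(mfn, INVALID_MFN) ) return;` pair here would keep the two handlers symmetric and stop a case added later from turning this into an unintended fall-through. The move of the existing `break;` inside the braces of the preceding case is otherwise fine.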
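
Review bot: The comment plus the `p2m_lookup(...)` / `mfn_eq(mfn, INVALID_MFN)` / `return` sequence added under `case FSC_FLT_TRANS:` in the hunk at @@ -2520,11 +2541,25 @@ is a verbatim copy of the one added to do_trap_instr_abort_guest, differing only in `gpa` versus `info.gpa`. A small static helper that takes the domain and the faulting IPA and returns whether a stage-2 mapping exists would remove the duplication and the per-function `mfn_t mfn;` locals, and give one place to document why replaying the instruction is safe. Minor: the last sentence of that comment ("If it's the case, return to the guest") is missing its full stop in both copies.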