From patchwork Wed May 15 20:17:30 2019
X-Patchwork-Submitter: Julien Grall
X-Patchwork-Id: 164310
From: Julien Grall
To: xen-devel@lists.xenproject.org
Date: Wed, 15 May 2019 21:17:30 +0100
Message-Id: <20190515201730.19079-1-julien.grall@arm.com>
Subject: [Xen-devel] [PATCH] xen/arm: traps: Avoid using BUG_ON() to check guest state in advance_pc()
Cc: Lukas Jünger, Oleksandr_Tyshchenko@epam.com, Julien Grall, sstabellini@kernel.org, Andrii_Anisov@epam.com

The condition of the BUG_ON() in advance_pc() is pretty wrong because
the bits [26:25] and [15:10] have a different meaning between AArch32
and AArch64 state.

On AArch32, they are used to store PSTATE.IT. On AArch64, they are RES0
or used for new features (e.g. ARMv8.0-SSBS, ARMv8.5-BTI).

This means a 64-bit guest will hit the BUG_ON() if it is trying to use
any of these features.

More generally, RES0 means that the bits are reserved for future use. So
crashing the host is definitely not the right solution.

In this particular case, we only need to know the guest was using 32-bit
Mode and the Thumb instructions. So replace the BUG_ON() by a proper
check.

Reported-by: Lukas Jünger
Signed-off-by: Julien Grall
Reviewed-by: Stefano Stabellini
---
This patch needs to be backported as far as possible. Otherwise Xen
would not be able to run on processors implementing ARMv8.0-SSBS,
ARMv8.5-BTI or ARMv8.5-MemTag.

The former is actually the most critical as this is used for controlling
mitigation for SSBD (aka Spectre v4) in hardware.
---
 xen/arch/arm/traps.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index d8b9a8a0f0..798a3a45a4 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c 
@@ -1650,12 +1650,9 @@ int check_conditional_instr(struct cpu_user_regs *regs, const union hsr hsr) void advance_pc(struct cpu_user_regs *regs, const union hsr hsr) { unsigned long itbits, cond, cpsr = regs->cpsr; + bool is_thumb = psr_mode_is_32bit(cpsr) && (cpsr & PSR_THUMB); - /* PSR_IT_MASK bits can only be set for 32-bit processors in Thumb mode. */ - BUG_ON( (!psr_mode_is_32bit(cpsr)||!(cpsr&PSR_THUMB)) - && (cpsr&PSR_IT_MASK) ); - - if ( cpsr&PSR_IT_MASK ) + if ( is_thumb && (cpsr & PSR_IT_MASK) ) { /* The ITSTATE[7:0] block is contained in CPSR[15:10],CPSR[26:25] *
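
Review bot: the new `is_thumb` declaration at the top of advance_pc() replaces the only comment that tied PSR_IT_MASK to 32-bit Thumb state, so nothing in the code now says why the mask test is gated. Suggest a short comment above `bool is_thumb = ...` stating that CPSR[26:25] and CPSR[15:10] hold ITSTATE only for an AArch32 guest in Thumb state, and that on AArch64 the same bits are RES0 or carry newer features, so they must not be interpreted there. That records the reasoning from the commit message next to the check and makes it less likely that a later cleanup restores a bare `cpsr & PSR_IT_MASK` test or another assertion on guest-controlled state.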