From patchwork Tue Jul 23 18:05:11 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 18542
Return-Path: <patchwork-forward+bncBCI3N6FH3YJRBX4LXOHQKGQEC4LB6VQ@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-qc0-f197.google.com (mail-qc0-f197.google.com
 [209.85.216.197])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id CC5A825E75
 for <linaro@patches.linaro.org>; Tue, 23 Jul 2013 18:05:19 +0000 (UTC)
Received: by mail-qc0-f197.google.com with SMTP id u12sf10224148qcx.0
 for <linaro@patches.linaro.org>; Tue, 23 Jul 2013 11:05:19 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=mime-version:x-beenthere:x-forwarded-to:x-forwarded-for
 :delivered-to:from:to:cc:subject:date:message-id:x-mailer
 :in-reply-to:references:x-gm-message-state:x-original-sender
 :x-original-authentication-results:precedence:mailing-list:list-id
 :x-google-group-id:list-post:list-help:list-archive:list-unsubscribe; 
 bh=mEqijYWLCuxrWlYEcnpokWhHgEYGEUO/5pWs6lyw61c=;
 b=kitirfNlj5OGNlpmzOai9vSMvlBmJuMrOmjIcMCwT4mI495u19BPDtO1fm2a9DU+Wj
 Wtw50RK8QqsiMKDHw3ETMSf0zW1qXOxZ0l5JTx2/sTbG8SfwxJNcApso9GHoAhWlAIIl
 zL4hLkDyBtDA2XxaBKYUWmqJFZFg9kPfDSG6lo7EbD01+4md1VdY2c7NkiH7/8zU3ZYu
 Hs2xntIZLPPUEnSWo3ZBqsPTrDzIbLbjtobYCIcZd0X9W5p5EuLIc8o0I2JiFB+AqGXT
 vIthFjXnr3C2fPEHuU2s+A9NyAUqiRZucmLxEIvPxjTizzIRTFWjTyJF+hpcAsd4/U+0
 IpnQ==
X-Received: by 10.236.194.33 with SMTP id l21mr18834509yhn.42.1374602719548; 
 Tue, 23 Jul 2013 11:05:19 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.49.18.196 with SMTP id y4ls3256957qed.38.gmail; Tue, 23 Jul
 2013 11:05:19 -0700 (PDT)
X-Received: by 10.220.98.68 with SMTP id p4mr11999395vcn.28.1374602719442;
 Tue, 23 Jul 2013 11:05:19 -0700 (PDT)
Received: from mail-vb0-f48.google.com (mail-vb0-f48.google.com
 [209.85.212.48]) by mx.google.com with ESMTPS id
 xs10si8679647vcb.118.2013.07.23.11.05.19
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 23 Jul 2013 11:05:19 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.212.48 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.212.48; 
Received: by mail-vb0-f48.google.com with SMTP id w15so5824669vbf.35
 for <patchwork-forward@linaro.org>;
 Tue, 23 Jul 2013 11:05:19 -0700 (PDT)
X-Received: by 10.220.203.197 with SMTP id fj5mr12478002vcb.60.1374602719369; 
 Tue, 23 Jul 2013 11:05:19 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patches@linaro.org
Received: by 10.58.165.8 with SMTP id yu8csp120050veb;
 Tue, 23 Jul 2013 11:05:18 -0700 (PDT)
X-Received: by 10.180.107.163 with SMTP id hd3mr34041948wib.13.1374602718440; 
 Tue, 23 Jul 2013 11:05:18 -0700 (PDT)
Received: from mail-we0-f178.google.com (mail-we0-f178.google.com
 [74.125.82.178])
 by mx.google.com with ESMTPS id s2si1796230wix.0.2013.07.23.11.05.17
 for <patches@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 23 Jul 2013 11:05:18 -0700 (PDT)
Received-SPF: neutral (google.com: 74.125.82.178 is neither permitted nor
 denied by best guess record for domain of
 julien.grall@linaro.org) client-ip=74.125.82.178; 
Received: by mail-we0-f178.google.com with SMTP id u57so2937179wes.37
 for <patches@linaro.org>; Tue, 23 Jul 2013 11:05:17 -0700 (PDT)
X-Received: by 10.194.103.226 with SMTP id fz2mr23771627wjb.75.1374602717860; 
 Tue, 23 Jul 2013 11:05:17 -0700 (PDT)
Received: from belegaer.uk.xensource.com. (firewall.ctxuk.citrix.com.
 [46.33.159.2]) by mx.google.com with ESMTPSA id
 iz8sm7692080wic.3.2013.07.23.11.05.16 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 23 Jul 2013 11:05:17 -0700 (PDT)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Cc: ian.campbell@citrix.com, Stefano.Stabellini@eu.citrix.com,
 patches@linaro.org, Julien Grall <julien.grall@linaro.org>
Subject: [PATCH 1/3] xen/arm: Don't emulate the MMIO access if the
 instruction syndrome is invalid
Date: Tue, 23 Jul 2013 19:05:11 +0100
Message-Id: <1374602713-716-2-git-send-email-julien.grall@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1374602713-716-1-git-send-email-julien.grall@linaro.org>
References: <1374602713-716-1-git-send-email-julien.grall@linaro.org>
X-Gm-Message-State: ALoCoQnjKJyOM2mXB+DULZWQRsUqY9UvIrDlCG2AefqRRgr/d6xkd4ZUAJE/TEqEgfz0hon1pA3s
X-Original-Sender: julien.grall@linaro.org
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.212.48 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Precedence: list
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
List-ID: <patchwork-forward.linaro.org>
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>

When the instruction syndrome is not valid, the transfer register is unknown.
If this register is used in the emulation code (it's the case for the VGIC),
Xen can retrieve wrong data.

For safety, consider invalid instruction syndrome as wrong memory access.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
---
 xen/arch/arm/traps.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index bbd60aa..d6dc37d 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -1017,6 +1017,10 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs,
     if ( rc == -EFAULT )
         goto bad_data_abort;
 
+    /* XXX: Decode the instruction if ISS is not valid */
+    if ( !dabt.valid )
+        goto bad_data_abort;
+
     if (handle_mmio(&info))
     {
         regs->pc += dabt.len ? 4 : 2;