From patchwork Thu Jul 25 15:21:30 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 18577
Return-Path: <patchwork-forward+bncBCI3N6FH3YJRBC4FYWHQKGQEEX3P7GA@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-vb0-f72.google.com (mail-vb0-f72.google.com
 [209.85.212.72])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 859AA25E59
 for <linaro@patches.linaro.org>; Thu, 25 Jul 2013 15:21:47 +0000 (UTC)
Received: by mail-vb0-f72.google.com with SMTP id p12sf731744vbe.7
 for <linaro@patches.linaro.org>; Thu, 25 Jul 2013 08:21:47 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=mime-version:x-beenthere:x-forwarded-to:x-forwarded-for
 :delivered-to:from:to:cc:subject:date:message-id:x-mailer
 :in-reply-to:references:x-gm-message-state:x-original-sender
 :x-original-authentication-results:precedence:mailing-list:list-id
 :x-google-group-id:list-post:list-help:list-archive:list-unsubscribe; 
 bh=0FkYc2dDdNjJco8HAwa2fDYrmNdBtrUcEjvtcK+GS84=;
 b=krMx6+XKPTlDoaeKN3deUprBs7oXtPC82yVWTMNRPq0jLvYPF6O8XGR20Niv/eKv2E
 +aOsyQUAKzEIGpKdn+e/HW44wQpP9zWeTTv48iDsVc2szHm5QeJuPWtEXKhdnytvep2v
 HtFsNywPSWHfFHBe3yS9fWNZUDz30OlT6Z47a4LQHioHmjsoG8RRWytp6shypXkY2o01
 ZQfVteFfgBqk6UJZaC+PUGQJVB7xnGN+f0ERrtYT65PukYe5WwKJ8QI8HDZ6RIfkhyow
 1BXaIyPJKVBnE777/JEIb9TBBtBef6teaV7kVU5rrRSXs9pzJiS98+roHBp24D8+fgIk
 Z/Wg==
X-Received: by 10.236.190.72 with SMTP id d48mr499115yhn.0.1374765707044;
 Thu, 25 Jul 2013 08:21:47 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.49.26.38 with SMTP id i6ls173429qeg.33.gmail;
 Thu, 25 Jul 2013 08:21:46 -0700 (PDT)
X-Received: by 10.52.166.2 with SMTP id zc2mr15145495vdb.89.1374765706903;
 Thu, 25 Jul 2013 08:21:46 -0700 (PDT)
Received: from mail-vc0-f174.google.com (mail-vc0-f174.google.com
 [209.85.220.174])
 by mx.google.com with ESMTPS id u10si470253vcj.53.2013.07.25.08.21.46
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 25 Jul 2013 08:21:46 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.220.174 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.220.174; 
Received: by mail-vc0-f174.google.com with SMTP id gd11so211726vcb.33
 for <patchwork-forward@linaro.org>;
 Thu, 25 Jul 2013 08:21:46 -0700 (PDT)
X-Received: by 10.220.53.7 with SMTP id k7mr829932vcg.52.1374765706822;
 Thu, 25 Jul 2013 08:21:46 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patches@linaro.org
Received: by 10.58.165.8 with SMTP id yu8csp82784veb;
 Thu, 25 Jul 2013 08:21:46 -0700 (PDT)
X-Received: by 10.180.102.36 with SMTP id fl4mr2455136wib.45.1374765705850; 
 Thu, 25 Jul 2013 08:21:45 -0700 (PDT)
Received: from mail-wg0-f42.google.com (mail-wg0-f42.google.com
 [74.125.82.42]) by mx.google.com with ESMTPS id
 nj19si1774136wic.71.2013.07.25.08.21.45 for <patches@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 25 Jul 2013 08:21:45 -0700 (PDT)
Received-SPF: neutral (google.com: 74.125.82.42 is neither permitted nor
 denied by best guess record for domain of
 julien.grall@linaro.org) client-ip=74.125.82.42; 
Received: by mail-wg0-f42.google.com with SMTP id j13so4224493wgh.3
 for <patches@linaro.org>; Thu, 25 Jul 2013 08:21:45 -0700 (PDT)
X-Received: by 10.180.205.236 with SMTP id lj12mr1947247wic.22.1374765705242; 
 Thu, 25 Jul 2013 08:21:45 -0700 (PDT)
Received: from belegaer.uk.xensource.com. (firewall.ctxuk.citrix.com.
 [46.33.159.2]) by mx.google.com with ESMTPSA id
 nb12sm2536766wic.3.2013.07.25.08.21.43 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 25 Jul 2013 08:21:44 -0700 (PDT)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Cc: ian.campbell@citrix.com, Stefano.Stabellini@eu.citrix.com,
 patches@linaro.org, Julien Grall <julien.grall@linaro.org>
Subject: [PATCH v2 1/3] xen/arm: Don't emulate the MMIO access if the
 instruction syndrome is invalid
Date: Thu, 25 Jul 2013 16:21:30 +0100
Message-Id: <1374765692-31370-2-git-send-email-julien.grall@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1374765692-31370-1-git-send-email-julien.grall@linaro.org>
References: <1374765692-31370-1-git-send-email-julien.grall@linaro.org>
X-Gm-Message-State: ALoCoQm91uAGtFP9K/Iwc5nKst7S36jmt3q2108C2rVVCYp4XZcGhVlQoCoZaavx6lssNonsl01Y
X-Original-Sender: julien.grall@linaro.org
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.220.174 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Precedence: list
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
List-ID: <patchwork-forward.linaro.org>
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>

When the instruction syndrome is not valid, the transfer register is unknown.
If this register is used in the emulation code (it's the case for the VGIC),
Xen can retrieve wrong data.

For safety, consider invalid instruction syndrome as wrong memory access.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
 xen/arch/arm/traps.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index bbd60aa..d6dc37d 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -1017,6 +1017,10 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs,
     if ( rc == -EFAULT )
         goto bad_data_abort;
 
+    /* XXX: Decode the instruction if ISS is not valid */
+    if ( !dabt.valid )
+        goto bad_data_abort;
+
     if (handle_mmio(&info))
     {
         regs->pc += dabt.len ? 4 : 2;