From patchwork Thu Jul 25 15:21:32 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 18579
Return-Path: <patchwork-forward+bncBCI3N6FH3YJRBDUFYWHQKGQEYSOOB2I@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-qe0-f70.google.com (mail-qe0-f70.google.com
 [209.85.128.70])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id C0C5D25E89
 for <linaro@patches.linaro.org>; Thu, 25 Jul 2013 15:21:50 +0000 (UTC)
Received: by mail-qe0-f70.google.com with SMTP id 2sf760918qea.5
 for <linaro@patches.linaro.org>; Thu, 25 Jul 2013 08:21:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=x-beenthere:x-forwarded-to:x-forwarded-for:delivered-to:from:to:cc
 :subject:date:message-id:x-mailer:in-reply-to:references
 :mime-version:x-gm-message-state:x-original-sender
 :x-original-authentication-results:precedence:mailing-list:list-id
 :x-google-group-id:list-post:list-help:list-archive:list-unsubscribe
 :content-type:content-transfer-encoding;
 bh=t48QY7T6hYc6fe8lFyziNvd3pBNdLuIFim2GvBsyILU=;
 b=XRWuvlS+AJb6977n+j5Y/Y5HYIWK30YGDaFDHQXj689DXgY/NH1XSmJd0CfqYKQFEh
 OOkpj6dmnVmFfe+IUdZcoGmNN/KaTKtlY2gBVnZSwHynDW5Hceq8z1yLGLG4XOIrPxbl
 /14FS5hsvbRK73SOxtnboFhWcf9I4zWtfGdG3vwoyXlcEPcR5wrsBbzPffwGkBYPwdrD
 sxbGU5v2eYFwtOgDI5nY4BAIxXdnSN9de56pOl8Gn8yo69TZDeBMVcJCNzu1nvQropmQ
 Zik3l5Ak9Y+CXnP3exn1h6qMbS1bYsTjHXRthGVafuhg21Xlw3K6/72jKoBMeA7AVGZi
 jemw==
X-Received: by 10.236.206.105 with SMTP id k69mr23209876yho.8.1374765710435; 
 Thu, 25 Jul 2013 08:21:50 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.49.85.232 with SMTP id k8ls678530qez.55.gmail; Thu, 25 Jul
 2013 08:21:50 -0700 (PDT)
X-Received: by 10.52.164.227 with SMTP id yt3mr15149022vdb.107.1374765710238; 
 Thu, 25 Jul 2013 08:21:50 -0700 (PDT)
Received: from mail-ve0-f180.google.com (mail-ve0-f180.google.com
 [209.85.128.180]) by mx.google.com with ESMTPS id
 st7si12509596vec.87.2013.07.25.08.21.50
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 25 Jul 2013 08:21:50 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.128.180 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.128.180; 
Received: by mail-ve0-f180.google.com with SMTP id pa12so558932veb.11
 for <patchwork-forward@linaro.org>;
 Thu, 25 Jul 2013 08:21:50 -0700 (PDT)
X-Received: by 10.58.135.227 with SMTP id pv3mr18065556veb.21.1374765710129; 
 Thu, 25 Jul 2013 08:21:50 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patches@linaro.org
Received: by 10.58.165.8 with SMTP id yu8csp82787veb;
 Thu, 25 Jul 2013 08:21:49 -0700 (PDT)
X-Received: by 10.194.242.99 with SMTP id wp3mr30968595wjc.78.1374765709100; 
 Thu, 25 Jul 2013 08:21:49 -0700 (PDT)
Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com
 [209.85.212.170])
 by mx.google.com with ESMTPS id q2si1127066wif.70.2013.07.25.08.21.48
 for <patches@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 25 Jul 2013 08:21:49 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.212.170 is neither permitted nor
 denied by best guess record for domain of
 julien.grall@linaro.org) client-ip=209.85.212.170; 
Received: by mail-wi0-f170.google.com with SMTP id ey16so6612140wid.1
 for <patches@linaro.org>; Thu, 25 Jul 2013 08:21:48 -0700 (PDT)
X-Received: by 10.180.187.136 with SMTP id fs8mr2502879wic.18.1374765708641; 
 Thu, 25 Jul 2013 08:21:48 -0700 (PDT)
Received: from belegaer.uk.xensource.com. (firewall.ctxuk.citrix.com.
 [46.33.159.2]) by mx.google.com with ESMTPSA id
 nb12sm2536766wic.3.2013.07.25.08.21.47 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 25 Jul 2013 08:21:47 -0700 (PDT)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Cc: ian.campbell@citrix.com, Stefano.Stabellini@eu.citrix.com,
 patches@linaro.org, Julien Grall <julien.grall@linaro.org>
Subject: [PATCH v2 3/3] xen/arm: errata 766422: decode thumb store during
 data abort
Date: Thu, 25 Jul 2013 16:21:32 +0100
Message-Id: <1374765692-31370-4-git-send-email-julien.grall@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1374765692-31370-1-git-send-email-julien.grall@linaro.org>
References: <1374765692-31370-1-git-send-email-julien.grall@linaro.org>
MIME-Version: 1.0
X-Gm-Message-State: ALoCoQnuy9yQ2uLUtJLb42yYOI3cNQlVkDtbh6jaOa/hequbtSFTqUeZTFDa/Q19OYi3zbsKAYbP
X-Original-Sender: julien.grall@linaro.org
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.128.180 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Precedence: list
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
List-ID: <patchwork-forward.linaro.org>
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>

>From the errata document:

When a non-secure non-hypervisor memory operation instruction generates a
stage2 page table translation fault, a trap to the hypervisor will be triggered.
For an architecturally defined subset of instructions, the Hypervisor Syndrome
Register (HSR) will have the Instruction Syndrome Valid (ISV) bit set to 1’b1,
and the Rt field should reflect the source register (for stores) or destination
register for loads.
On Cortex-A15, for Thumb and ThumbEE stores, the Rt value may be incorrect
and should not be used, even if the ISV bit is set. All loads, and all ARM
instruction set loads and stores, will have the correct Rt value if the ISV
bit is set.

To avoid this issue, Xen needs to decode thumb store instruction and update
the transfer register.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
---
    Changes in v2:
        - Only decode the instruction on affected processor
        - Handle ARM 32-bit instruction in read_instruction
---
 xen/arch/arm/traps.c                  |   44 +++++++++++++++++++++++++++++++++
 xen/include/asm-arm/arm32/processor.h |    3 +++
 xen/include/asm-arm/arm64/processor.h |    2 ++
 3 files changed, 49 insertions(+)

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index d6dc37d..3aa2b8c 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -35,6 +35,7 @@
 #include <asm/regs.h>
 #include <asm/cpregs.h>
 #include <asm/psci.h>
+#include <asm/guest_access.h>
 
 #include "io.h"
 #include "vtimer.h"
@@ -996,6 +997,28 @@ done:
     if (first) unmap_domain_page(first);
 }
 
+static int read_instruction(struct cpu_user_regs *regs, unsigned len,
+                            uint32_t *instr)
+{
+    int rc;
+
+    rc = raw_copy_from_guest(instr, (void * __user)regs->pc, (len ? 4 : 2));
+
+    if ( rc )
+        return rc;
+
+    if ( !len ) /* 16-bit instruction */
+        *instr &= 0xffff;
+    else /* 32-bit instruction */
+    {
+        /* THUMB 32-bit instruction consisting of 2 consecutive halfwords */
+        if ( regs->cpsr & PSR_THUMB )
+            *instr = (*instr & 0xffff) << 16 | (*instr & 0xffff0000) >> 16;
+    }
+
+    return 0;
+}
+
 static void do_trap_data_abort_guest(struct cpu_user_regs *regs,
                                      struct hsr_dabt dabt)
 {
@@ -1021,6 +1044,27 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs,
     if ( !dabt.valid )
         goto bad_data_abort;
 
+    /*
+     * Errata 766422: Thumb store translation fault to Hypervisor may
+     * not have correct HSR Rt value.
+     */
+    if ( cpu_has_errata_766422() && (regs->cpsr & PSR_THUMB) && dabt.write )
+    {
+        uint32_t instr = 0;
+
+        rc = read_instruction(regs, dabt.len, &instr);
+        if ( rc )
+            goto bad_data_abort;
+
+        /* Retrieve the transfer register from the instruction */
+        if ( dabt.len )
+            /* With 32-bit store instruction, the register is in [12..15] */
+            info.dabt.reg = (instr & 0xf000) >> 12;
+        else
+            /* With 16-bit store instruction, the register is in [0..3] */
+            info.dabt.reg = instr & 0x7;
+    }
+
     if (handle_mmio(&info))
     {
         regs->pc += dabt.len ? 4 : 2;
diff --git a/xen/include/asm-arm/arm32/processor.h b/xen/include/asm-arm/arm32/processor.h
index b266252..bc82fbc 100644
--- a/xen/include/asm-arm/arm32/processor.h
+++ b/xen/include/asm-arm/arm32/processor.h
@@ -111,6 +111,9 @@ struct cpu_user_regs
 #define READ_SYSREG(R...)       READ_SYSREG32(R)
 #define WRITE_SYSREG(V, R...)   WRITE_SYSREG32(V, R)
 
+/* Errata 766422: only Cortex A15 r0p4 is affected */
+#define cpu_has_errata_766422() (current_cpu_data.midr.bits == 0x410fc0f4)
+
 #endif /* __ASSEMBLY__ */
 
 #endif /* __ASM_ARM_ARM32_PROCESSOR_H */
diff --git a/xen/include/asm-arm/arm64/processor.h b/xen/include/asm-arm/arm64/processor.h
index d9fbcb2..ac7f1bd 100644
--- a/xen/include/asm-arm/arm64/processor.h
+++ b/xen/include/asm-arm/arm64/processor.h
@@ -105,6 +105,8 @@ struct cpu_user_regs
 #define READ_SYSREG(name)     READ_SYSREG64(name)
 #define WRITE_SYSREG(v, name) WRITE_SYSREG64(v, name)
 
+#define cpu_has_errata_766422() 0
+
 #endif /* __ASSEMBLY__ */
 
 #endif /* __ASM_ARM_ARM64_PROCESSOR_H */