From patchwork Fri Feb  2 10:14:41 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@arm.com>
X-Patchwork-Id: 126629
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp495913ljc;
 Fri, 2 Feb 2018 02:17:43 -0800 (PST)
X-Google-Smtp-Source: AH8x227FHOJ/4WWBFJTnn6Zdn/gZcdCdtPgR49kwEQtbA58+w4B91Dqi+YAJ2Ewlw2N871fFAK7T
X-Received: by 10.36.31.5 with SMTP id d5mr2375340itd.136.1517566663099;
 Fri, 02 Feb 2018 02:17:43 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517566663; cv=none;
 d=google.com; s=arc-20160816;
 b=m7vIRqTAQZeuUl8Ii6ptl8mvCh2/Gi5nElNfkFJNcmlbax1IL8nr4yKLVeCw+9lus5
 6TkbVgOfSnmwEeQGRnNDU/LPjKstavusADNkO8Sonf9Dk+rJByft8QhnsSc6aEsCGF9j
 YLDPnnZt/jfpbnSbbJRiiOdrOSRCKJ108OJhYVhoNY1IMbGux3HcEJtGiMwHyTXxzQzw
 NQnZNhIxJ1ELIWsNMNXINPXOokWk76FOlmbwxoj3G92iB6D3rZbpluK0siOxd+EZcvl+
 IDRaa4R+To60egPmKcbhQhi7nK7EcXS7JS8Xwn6efB5Qu+NS/OEMj2SyijlvnDFwW5Mn
 eq2w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:arc-authentication-results;
 bh=y7JVZ1Z8T36nf0fodl5PV2JPiHx9wLmpqvh8XJ506uc=;
 b=J8rFWqiCd1zoeWoIgBtXjZml6h25yW+NDPiJbDnUNCu7Iu7sdiubu/heisJPDJHnCm
 +tAb5NGMI4XnJXPQrL+cMhhJmzTTn+6upxfX2s8dOyDwZfWZvdNWyOOyIOZu3dN1gXVZ
 0EEd5UCIcLkGDdSaOlV54fYeC/p2PAcpQCG+fUPENS+949T4gHP7peJwIazB3IqHb/5w
 BiT7U0jLjzEIQhdvTk7ecMsj2g3WOVykMWaQfasjkuYo1P3i3/0ig6hiMBL9rGaYsS9k
 x/pOo78H7URpympdhzHEyKZcyD/GBVt+QI7PoJ99D75HM2TikAeix2u61MhP8A3hBLYm
 XwxQ==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id
 b11si1485967iob.148.2018.02.02.02.17.42
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 02:17:43 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehYMy-0006FM-CV; Fri, 02 Feb 2018 10:14:56 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=zyhe=e4=arm.com=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehYMx-0006FF-Ct
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 10:14:55 +0000
X-Inumbo-ID: dec3b296-0801-11e8-ba59-bc764e045a96
Received: from foss.arm.com (unknown [217.140.101.70])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTP
 id dec3b296-0801-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 11:14:36 +0100 (CET)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D92EB1596;
 Fri,  2 Feb 2018 02:14:52 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com
 [10.1.206.53])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 CA1E93F487; Fri,  2 Feb 2018 02:14:51 -0800 (PST)
From: Julien Grall <julien.grall@arm.com>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 10:14:41 +0000
Message-Id: <20180202101444.3510-2-julien.grall@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202101444.3510-1-julien.grall@arm.com>
References: <20180202101444.3510-1-julien.grall@arm.com>
Cc: andrew.cooper3@citrix.com, Julien Grall <julien.grall@arm.com>,
 sstabellini@kernel.org, andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v3 1/4] xen/arm: traps: Merge try_handle_mmio()
 and handle_mmio()
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

At the moment, try_handle_mmio() will do check on the HSR and bail out
if one check fail. This means that another method will be tried to
handle the fault even for bad access on emulated region. While this
should not be an issue, this is not future proof.

Move the checks of try_handle_mmio() in handle_mmio() after we identified
the fault to target an emulated MMIO. While this does not fix the potential
fall-through, a follow-up patch will do by distinguish the potential error.

Note that the handle_mmio() was renamed to try_handle_mmio() and the
prototype adapted.

While merging the 2 functions, remove the check whether the fault is
stage-2 abort on stage-1 translation walk because the instruction
syndrome will always be invalid (see B3-1433 in DDI 0406C.c and
D10-2460 in DDI 0487C.a).

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
---
    Changes in v2:
        - Patch added
---
 xen/arch/arm/io.c          | 43 ++++++++++++++++++++++++++++++++++++++-----
 xen/arch/arm/traps.c       | 41 -----------------------------------------
 xen/include/asm-arm/mmio.h |  4 +++-
 3 files changed, 41 insertions(+), 47 deletions(-)

diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c
index c748d8f5bf..c3e9239ffe 100644
--- a/xen/arch/arm/io.c
+++ b/xen/arch/arm/io.c
@@ -20,9 +20,12 @@
 #include <xen/spinlock.h>
 #include <xen/sched.h>
 #include <xen/sort.h>
+#include <asm/cpuerrata.h>
 #include <asm/current.h>
 #include <asm/mmio.h>
 
+#include "decode.h"
+
 static int handle_read(const struct mmio_handler *handler, struct vcpu *v,
                        mmio_info_t *info)
 {
@@ -100,19 +103,49 @@ static const struct mmio_handler *find_mmio_handler(struct domain *d,
     return handler;
 }
 
-int handle_mmio(mmio_info_t *info)
+int try_handle_mmio(struct cpu_user_regs *regs,
+                    const union hsr hsr,
+                    paddr_t gpa)
 {
     struct vcpu *v = current;
     const struct mmio_handler *handler = NULL;
+    const struct hsr_dabt dabt = hsr.dabt;
+    mmio_info_t info = {
+        .gpa = gpa,
+        .dabt = dabt
+    };
+
+    ASSERT(hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL);
 
-    handler = find_mmio_handler(v->domain, info->gpa);
+    handler = find_mmio_handler(v->domain, info.gpa);
     if ( !handler )
         return 0;
 
-    if ( info->dabt.write )
-        return handle_write(handler, v, info);
+    /* All the instructions used on emulated MMIO region should be valid */
+    if ( !dabt.valid )
+        return 0;
+
+    /*
+     * Erratum 766422: Thumb store translation fault to Hypervisor may
+     * not have correct HSR Rt value.
+     */
+    if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) &&
+         dabt.write )
+    {
+        int rc;
+
+        rc = decode_instruction(regs, &info.dabt);
+        if ( rc )
+        {
+            gprintk(XENLOG_DEBUG, "Unable to decode instruction\n");
+            return 0;
+        }
+    }
+
+    if ( info.dabt.write )
+        return handle_write(handler, v, &info);
     else
-        return handle_read(handler, v, info);
+        return handle_read(handler, v, &info);
 }
 
 void register_mmio_handler(struct domain *d,
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index c8534d6cff..2f8d790bb3 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -51,8 +51,6 @@
 #include <asm/vgic.h>
 #include <asm/vtimer.h>
 
-#include "decode.h"
-
 /* The base of the stack must always be double-word aligned, which means
  * that both the kernel half of struct cpu_user_regs (which is pushed in
  * entry.S) and struct cpu_info (which lives at the bottom of a Xen
@@ -1864,45 +1862,6 @@ static inline bool hpfar_is_valid(bool s1ptw, uint8_t fsc)
     return s1ptw || (fsc == FSC_FLT_TRANS && !check_workaround_834220());
 }
 
-static bool try_handle_mmio(struct cpu_user_regs *regs,
-                            const union hsr hsr,
-                            paddr_t gpa)
-{
-    const struct hsr_dabt dabt = hsr.dabt;
-    mmio_info_t info = {
-        .gpa = gpa,
-        .dabt = dabt
-    };
-    int rc;
-
-    ASSERT(hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL);
-
-    /* stage-1 page table should never live in an emulated MMIO region */
-    if ( dabt.s1ptw )
-        return false;
-
-    /* All the instructions used on emulated MMIO region should be valid */
-    if ( !dabt.valid )
-        return false;
-
-    /*
-     * Erratum 766422: Thumb store translation fault to Hypervisor may
-     * not have correct HSR Rt value.
-     */
-    if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) &&
-         dabt.write )
-    {
-        rc = decode_instruction(regs, &info.dabt);
-        if ( rc )
-        {
-            gprintk(XENLOG_DEBUG, "Unable to decode instruction\n");
-            return false;
-        }
-    }
-
-    return !!handle_mmio(&info);
-}
-
 /*
  * When using ACPI, most of the MMIO regions will be mapped on-demand
  * in stage-2 page tables for the hardware domain because Xen is not
diff --git a/xen/include/asm-arm/mmio.h b/xen/include/asm-arm/mmio.h
index 37e2b7a707..c941073257 100644
--- a/xen/include/asm-arm/mmio.h
+++ b/xen/include/asm-arm/mmio.h
@@ -56,7 +56,9 @@ struct vmmio {
     struct mmio_handler *handlers;
 };
 
-extern int handle_mmio(mmio_info_t *info);
+int try_handle_mmio(struct cpu_user_regs *regs,
+                    const union hsr hsr,
+                    paddr_t gpa);
 void register_mmio_handler(struct domain *d,
                            const struct mmio_handler_ops *ops,
                            paddr_t addr, paddr_t size, void *priv);

From patchwork Fri Feb  2 10:14:42 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@arm.com>
X-Patchwork-Id: 126626
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp495844ljc;
 Fri, 2 Feb 2018 02:17:37 -0800 (PST)
X-Google-Smtp-Source: AH8x224n+7Lxq1hdS8ks1HpxPbYDGk892J9eALf6/1E8Sm6wQ594YJLnhcjFK8HShOV16JfhZYgc
X-Received: by 10.36.204.67 with SMTP id x64mr47011083itf.153.1517566657820; 
 Fri, 02 Feb 2018 02:17:37 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517566657; cv=none;
 d=google.com; s=arc-20160816;
 b=lOwqG8pXyvo0qrvLK4blGqAQ9XiLIwtbqjr38sm/+n6FFt16SgKoj/JK5lMjNb58A0
 zQOuMM6vHpZQ8F1F4Kuf2OhzXZI7s471YRU8TMEmbHWHDeI+ac4gTK+MMMRq/8tL42N1
 d6FDvubKk7fhgIzYmhGyzf03HLXurybj51FEqgv5cakbtdxM8Y4UYs0wufyNmc8XNMPC
 xgAHFuzxjzYUXKf5BeFqw9grIXva/9I+SeMIrTl16KvXpfDfz66ng1Yiasr1VvdMOL1A
 2TbzEgW+VrGt9jDSmkUFn63Xwr3jUtw8F8QE8LBf+ojYF//cZifobwaxCIG+x48Swe/6
 TsRQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:arc-authentication-results;
 bh=iP6VaKHTpj5MyZdn7ms4GYD+UQxuuKtXFlGdwlBg4HE=;
 b=Hs2ZkbO8buDO5Jfrgwb7vyGjnbYgnkZnPn3X/G+qvX5TulmLjKRVsuOQGBZjQ1XhtV
 5CTSm9wvYLuN5auvMcrPZxOA6YkBHuOvLwzPquiU4wSHT9w1jVLYXIxyN87NIAAXQj1N
 Z6GTNzD9vIu3Fy3Y8Xp2SW76qtTe1WL7h6epSNVOvafStdSsL/KEnBFKUKDSfTji7tsD
 CiLTn2kjkRGExL920Ye7hK+VUnaTOWovQcXfEXgQhKA9niJOJx8erC9wM7P1mlPrghRb
 FY7fziV60O/FruvnKJayzNgKspG4cASeS1Ngw7j/v9HBZAfB7zDG0jgGaGERLYHSYay1
 T6bw==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id
 r16si1587316iob.49.2018.02.02.02.17.37
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 02:17:37 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehYN3-0006H8-AN; Fri, 02 Feb 2018 10:15:01 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=zyhe=e4=arm.com=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehYN2-0006FL-Hr
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 10:15:00 +0000
X-Inumbo-ID: fe9c19c4-0801-11e8-b9b1-635ca7ef6cff
Received: from foss.arm.com (unknown [217.140.101.70])
 by us1-amaz-eas1.inumbo.com (Halon) with ESMTP
 id fe9c19c4-0801-11e8-b9b1-635ca7ef6cff;
 Fri, 02 Feb 2018 10:15:29 +0000 (UTC)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3273815AD;
 Fri,  2 Feb 2018 02:14:54 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com
 [10.1.206.53])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 239863F487; Fri,  2 Feb 2018 02:14:53 -0800 (PST)
From: Julien Grall <julien.grall@arm.com>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 10:14:42 +0000
Message-Id: <20180202101444.3510-3-julien.grall@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202101444.3510-1-julien.grall@arm.com>
References: <20180202101444.3510-1-julien.grall@arm.com>
Cc: andrew.cooper3@citrix.com, Julien Grall <julien.grall@arm.com>,
 sstabellini@kernel.org, andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v3 2/4] xen/arm: io: Distinguish unhandled IO
 from aborted one
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Currently, Xen is considering that an IO could either be handled or
unhandled. When unhandled, the stage-2 abort function will try another
way to resolve the abort.

However, the MMIO emulation may return unhandled when the address
belongs to an emulated range but was not correct. In that case, Xen
should avoid to try another way and directly inject a guest data abort.

Introduce a tri-state return to distinguish the following state:
    * IO_ABORT: The IO was handled but resulted in an abort
    * IO_HANDLED: The IO was handled
    * IO_UNHANDLED: The IO was unhandled

For now, it is considered that an IO belonging to an emulated range
could either be handled or inject an abort. This could be revisit in the
future if overlapped region exist (or we want to try another way to
resolve the abort).

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
---
    Changes in v2:
        - Always return IO_ABORT when the check failed because we know
        it was targeted emulated IO.
        - Fix typoes
---
 xen/arch/arm/io.c          | 32 ++++++++++++++++++--------------
 xen/arch/arm/traps.c       | 18 +++++++++++++++---
 xen/include/asm-arm/mmio.h | 13 ++++++++++---
 3 files changed, 43 insertions(+), 20 deletions(-)

diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c
index c3e9239ffe..1f4cb8f37d 100644
--- a/xen/arch/arm/io.c
+++ b/xen/arch/arm/io.c
@@ -26,8 +26,9 @@
 
 #include "decode.h"
 
-static int handle_read(const struct mmio_handler *handler, struct vcpu *v,
-                       mmio_info_t *info)
+static enum io_state handle_read(const struct mmio_handler *handler,
+                                 struct vcpu *v,
+                                 mmio_info_t *info)
 {
     const struct hsr_dabt dabt = info->dabt;
     struct cpu_user_regs *regs = guest_cpu_user_regs();
@@ -40,7 +41,7 @@ static int handle_read(const struct mmio_handler *handler, struct vcpu *v,
     uint8_t size = (1 << dabt.size) * 8;
 
     if ( !handler->ops->read(v, info, &r, handler->priv) )
-        return 0;
+        return IO_ABORT;
 
     /*
      * Sign extend if required.
@@ -60,17 +61,20 @@ static int handle_read(const struct mmio_handler *handler, struct vcpu *v,
 
     set_user_reg(regs, dabt.reg, r);
 
-    return 1;
+    return IO_HANDLED;
 }
 
-static int handle_write(const struct mmio_handler *handler, struct vcpu *v,
-                        mmio_info_t *info)
+static enum io_state handle_write(const struct mmio_handler *handler,
+                                  struct vcpu *v,
+                                  mmio_info_t *info)
 {
     const struct hsr_dabt dabt = info->dabt;
     struct cpu_user_regs *regs = guest_cpu_user_regs();
+    int ret;
 
-    return handler->ops->write(v, info, get_user_reg(regs, dabt.reg),
-                               handler->priv);
+    ret = handler->ops->write(v, info, get_user_reg(regs, dabt.reg),
+                              handler->priv);
+    return ( ret ) ? IO_HANDLED : IO_ABORT;
 }
 
 /* This function assumes that mmio regions are not overlapped */
@@ -103,9 +107,9 @@ static const struct mmio_handler *find_mmio_handler(struct domain *d,
     return handler;
 }
 
-int try_handle_mmio(struct cpu_user_regs *regs,
-                    const union hsr hsr,
-                    paddr_t gpa)
+enum io_state try_handle_mmio(struct cpu_user_regs *regs,
+                              const union hsr hsr,
+                              paddr_t gpa)
 {
     struct vcpu *v = current;
     const struct mmio_handler *handler = NULL;
@@ -119,11 +123,11 @@ int try_handle_mmio(struct cpu_user_regs *regs,
 
     handler = find_mmio_handler(v->domain, info.gpa);
     if ( !handler )
-        return 0;
+        return IO_UNHANDLED;
 
     /* All the instructions used on emulated MMIO region should be valid */
     if ( !dabt.valid )
-        return 0;
+        return IO_ABORT;
 
     /*
      * Erratum 766422: Thumb store translation fault to Hypervisor may
@@ -138,7 +142,7 @@ int try_handle_mmio(struct cpu_user_regs *regs,
         if ( rc )
         {
             gprintk(XENLOG_DEBUG, "Unable to decode instruction\n");
-            return 0;
+            return IO_ABORT;
         }
     }
 
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 2f8d790bb3..1e85f99ec1 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -1964,10 +1964,21 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs,
          *
          * Note that emulated region cannot be executed
          */
-        if ( is_data && try_handle_mmio(regs, hsr, gpa) )
+        if ( is_data )
         {
-            advance_pc(regs, hsr);
-            return;
+            enum io_state state = try_handle_mmio(regs, hsr, gpa);
+
+            switch ( state )
+            {
+            case IO_ABORT:
+                goto inject_abt;
+            case IO_HANDLED:
+                advance_pc(regs, hsr);
+                return;
+            case IO_UNHANDLED:
+                /* IO unhandled, try another way to handle it. */
+                break;
+            }
         }
 
         /*
@@ -1988,6 +1999,7 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs,
                 hsr.bits, xabt.fsc);
     }
 
+inject_abt:
     gdprintk(XENLOG_DEBUG, "HSR=0x%x pc=%#"PRIregister" gva=%#"PRIvaddr
              " gpa=%#"PRIpaddr"\n", hsr.bits, regs->pc, gva, gpa);
     if ( is_data )
diff --git a/xen/include/asm-arm/mmio.h b/xen/include/asm-arm/mmio.h
index c941073257..c8dadb5006 100644
--- a/xen/include/asm-arm/mmio.h
+++ b/xen/include/asm-arm/mmio.h
@@ -32,6 +32,13 @@ typedef struct
     paddr_t gpa;
 } mmio_info_t;
 
+enum io_state
+{
+    IO_ABORT,       /* The IO was handled by the helper and led to an abort. */
+    IO_HANDLED,     /* The IO was successfully handled by the helper. */
+    IO_UNHANDLED,   /* The IO was not handled by the helper. */
+};
+
 typedef int (*mmio_read_t)(struct vcpu *v, mmio_info_t *info,
                            register_t *r, void *priv);
 typedef int (*mmio_write_t)(struct vcpu *v, mmio_info_t *info,
@@ -56,9 +63,9 @@ struct vmmio {
     struct mmio_handler *handlers;
 };
 
-int try_handle_mmio(struct cpu_user_regs *regs,
-                    const union hsr hsr,
-                    paddr_t gpa);
+enum io_state try_handle_mmio(struct cpu_user_regs *regs,
+                              const union hsr hsr,
+                              paddr_t gpa);
 void register_mmio_handler(struct domain *d,
                            const struct mmio_handler_ops *ops,
                            paddr_t addr, paddr_t size, void *priv);

From patchwork Fri Feb  2 10:14:43 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@arm.com>
X-Patchwork-Id: 126627
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp495857ljc;
 Fri, 2 Feb 2018 02:17:39 -0800 (PST)
X-Google-Smtp-Source: AH8x2276Xf5ErvUq3UlcBSBrXo0/Xr+7Xuyp64BA42Uft9ZdVYVMogyvjMY0R8M7bFy6rJldtBub
X-Received: by 10.36.13.211 with SMTP id 202mr5990484itx.136.1517566659432; 
 Fri, 02 Feb 2018 02:17:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517566659; cv=none;
 d=google.com; s=arc-20160816;
 b=TuvuzkSbbNP78SbNLxsmxbZpUojzJGQRyvtuVVx1r/jQpNUzjswjzIND+z5oH0nmpI
 PhDbHhz30zGdXz3/KmhLji34KD5TdMn3wv3OFx5ohyNY9HGfhNcaU63diwGWzD4RWaUZ
 stxIcHYex/xGe/w9zc6+oS3eTTNqp2ONvygu2hhZ9T+DLLLiDvuVqfHA3hYmU+8i3GQv
 H2mwSAHGUa6Dd4F5HYRK/YKErB0RXKpRVMwOvd/+LqLZRa8ghUeo5VHEp77bNZNXR6tZ
 5TJYKUTFqANRGREYOIepXWqo9VNRkb2a+M1wYJo8RU8Niwo/ny/zVg9+Lli5nMFsldGC
 K/tA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:arc-authentication-results;
 bh=aWC6toSZdaDt9uQgM2ZziwhbZEfaOKro5DQgIj3yBqQ=;
 b=0s7RCE1/yBzEccmP6YSqE6uoIo09hem48RgZV1iHehMWEu411meQtddBgGWRAJVMz4
 JFGMrLuQmhFfH0YBUSVO2MP1H4guZvZmMS9VLvaLBMREEAUTT05HaJ6gkppjGVjFe7Mq
 FxOvYlLmARHGaaQhiqPIkfYcV5qWwhqCbFKWZnvGvx553iKW9tFtgyJtHuDjoMtyFcE7
 i+vJWoluT1B0lrInsYIwRETayQA6sSyJuw9HxV37mE8upGl8kSB/e7UZRc8jgrrjH+oh
 1b9ZYmGnNhzsT2daCsLYizNfCkaOg+PI+PGDamIykai2RY23sb0xs1nOmUaB6YfsGG86
 D4kg==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id
 v36si1516482iov.112.2018.02.02.02.17.39
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 02:17:39 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehYN0-0006Fj-J6; Fri, 02 Feb 2018 10:14:58 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=zyhe=e4=arm.com=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehYMy-0006FT-Km
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 10:14:56 +0000
X-Inumbo-ID: e053e405-0801-11e8-ba59-bc764e045a96
Received: from foss.arm.com (unknown [217.140.101.70])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTP
 id e053e405-0801-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 11:14:38 +0100 (CET)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 808821529;
 Fri,  2 Feb 2018 02:14:55 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com
 [10.1.206.53])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 7195E3F487; Fri,  2 Feb 2018 02:14:54 -0800 (PST)
From: Julien Grall <julien.grall@arm.com>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 10:14:43 +0000
Message-Id: <20180202101444.3510-4-julien.grall@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202101444.3510-1-julien.grall@arm.com>
References: <20180202101444.3510-1-julien.grall@arm.com>
Cc: andrew.cooper3@citrix.com, Julien Grall <julien.grall@arm.com>,
 sstabellini@kernel.org, andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v3 3/4] xen/arm: Don't crash domain on bad MMIO
 emulation
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Now the MMIO emulation is able to distinguish unhandled IO from aborted
one, there are no need to crash the domain when the region is access
with a bad width.

Instead let Xen inject a data abort to the guest and decide what to do.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
---
    Changes in v2
        - Add Stefano's reviewed-by
---
 xen/arch/arm/vgic-v2.c     | 2 --
 xen/arch/arm/vgic-v3-its.c | 3 ---
 xen/arch/arm/vgic-v3.c     | 8 --------
 xen/arch/arm/vpl011.c      | 2 --
 4 files changed, 15 deletions(-)

diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c
index 2bdb25261a..646d1f3d12 100644
--- a/xen/arch/arm/vgic-v2.c
+++ b/xen/arch/arm/vgic-v2.c
@@ -348,7 +348,6 @@ static int vgic_v2_distr_mmio_read(struct vcpu *v, mmio_info_t *info,
 bad_width:
     printk(XENLOG_G_ERR "%pv: vGICD: bad read width %d r%d offset %#08x\n",
            v, dabt.size, dabt.reg, gicd_reg);
-    domain_crash_synchronous();
     return 0;
 
 read_as_zero_32:
@@ -613,7 +612,6 @@ bad_width:
     printk(XENLOG_G_ERR
            "%pv: vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n",
            v, dabt.size, dabt.reg, r, gicd_reg);
-    domain_crash_synchronous();
     return 0;
 
 write_ignore_32:
diff --git a/xen/arch/arm/vgic-v3-its.c b/xen/arch/arm/vgic-v3-its.c
index d8fa44258d..32061c6b03 100644
--- a/xen/arch/arm/vgic-v3-its.c
+++ b/xen/arch/arm/vgic-v3-its.c
@@ -1136,7 +1136,6 @@ read_reserved:
 bad_width:
     printk(XENLOG_G_ERR "vGITS: bad read width %d r%d offset %#04lx\n",
            info->dabt.size, info->dabt.reg, (unsigned long)info->gpa & 0xffff);
-    domain_crash_synchronous();
 
     return 0;
 }
@@ -1446,8 +1445,6 @@ bad_width:
     printk(XENLOG_G_ERR "vGITS: bad write width %d r%d offset %#08lx\n",
            info->dabt.size, info->dabt.reg, (unsigned long)info->gpa & 0xffff);
 
-    domain_crash_synchronous();
-
     return 0;
 }
 
diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c
index af16dfd005..2ad8a6be62 100644
--- a/xen/arch/arm/vgic-v3.c
+++ b/xen/arch/arm/vgic-v3.c
@@ -328,7 +328,6 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info,
 bad_width:
     printk(XENLOG_G_ERR "%pv vGICR: bad read width %d r%d offset %#08x\n",
            v, dabt.size, dabt.reg, gicr_reg);
-    domain_crash_synchronous();
     return 0;
 
 read_as_zero_64:
@@ -648,7 +647,6 @@ bad_width:
     printk(XENLOG_G_ERR
           "%pv: vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n",
           v, dabt.size, dabt.reg, r, gicr_reg);
-    domain_crash_synchronous();
     return 0;
 
 write_ignore_64:
@@ -760,7 +758,6 @@ static int __vgic_v3_distr_common_mmio_read(const char *name, struct vcpu *v,
 bad_width:
     printk(XENLOG_G_ERR "%pv: %s: bad read width %d r%d offset %#08x\n",
            v, name, dabt.size, dabt.reg, reg);
-    domain_crash_synchronous();
     return 0;
 
 read_as_zero:
@@ -876,7 +873,6 @@ bad_width:
     printk(XENLOG_G_ERR
            "%pv: %s: bad write width %d r%d=%"PRIregister" offset %#08x\n",
            v, name, dabt.size, dabt.reg, r, reg);
-    domain_crash_synchronous();
     return 0;
 
 write_ignore_32:
@@ -937,7 +933,6 @@ static int vgic_v3_rdistr_sgi_mmio_read(struct vcpu *v, mmio_info_t *info,
 bad_width:
     printk(XENLOG_G_ERR "%pv: vGICR: SGI: bad read width %d r%d offset %#08x\n",
            v, dabt.size, dabt.reg, gicr_reg);
-    domain_crash_synchronous();
     return 0;
 
 read_as_zero_32:
@@ -1017,7 +1012,6 @@ bad_width:
     printk(XENLOG_G_ERR
            "%pv: vGICR: SGI: bad write width %d r%d=%"PRIregister" offset %#08x\n",
            v, dabt.size, dabt.reg, r, gicr_reg);
-    domain_crash_synchronous();
     return 0;
 
 write_ignore_32:
@@ -1268,7 +1262,6 @@ static int vgic_v3_distr_mmio_read(struct vcpu *v, mmio_info_t *info,
 bad_width:
     printk(XENLOG_G_ERR "%pv: vGICD: bad read width %d r%d offset %#08x\n",
            v, dabt.size, dabt.reg, gicd_reg);
-    domain_crash_synchronous();
     return 0;
 
 read_as_zero_32:
@@ -1456,7 +1449,6 @@ bad_width:
     printk(XENLOG_G_ERR
            "%pv: vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n",
            v, dabt.size, dabt.reg, r, gicd_reg);
-    domain_crash_synchronous();
     return 0;
 
 write_ignore_32:
diff --git a/xen/arch/arm/vpl011.c b/xen/arch/arm/vpl011.c
index 725b2e03ad..7788c2fc32 100644
--- a/xen/arch/arm/vpl011.c
+++ b/xen/arch/arm/vpl011.c
@@ -296,7 +296,6 @@ static int vpl011_mmio_read(struct vcpu *v,
 bad_width:
     gprintk(XENLOG_ERR, "vpl011: bad read width %d r%d offset %#08x\n",
             dabt.size, dabt.reg, vpl011_reg);
-    domain_crash_synchronous();
     return 0;
 
 }
@@ -366,7 +365,6 @@ write_ignore:
 bad_width:
     gprintk(XENLOG_ERR, "vpl011: bad write width %d r%d offset %#08x\n",
             dabt.size, dabt.reg, vpl011_reg);
-    domain_crash_synchronous();
     return 0;
 
 }

From patchwork Fri Feb  2 10:14:44 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@arm.com>
X-Patchwork-Id: 126625
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp495837ljc;
 Fri, 2 Feb 2018 02:17:37 -0800 (PST)
X-Google-Smtp-Source: AH8x225MOdVygnWpzL0BLokhDZGTRQSsP4NZJyl9zteiYEHFHjIhXUe8hXSE0JsV8Qa9EsZLedo3
X-Received: by 10.107.191.130 with SMTP id
 p124mr39579401iof.228.1517566657084; 
 Fri, 02 Feb 2018 02:17:37 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517566657; cv=none;
 d=google.com; s=arc-20160816;
 b=dtKng0yUVWR93iHUs77FNnK1LvZ7Bitj9n1LDYYWlCzH5Fdwf+uSVH9w6vyMTB8oHs
 2wosUydMCrrsjlfmKtslW3iPma7ymBf0y0oi/Z9/weKopcfjWb2PcZslqPlk5B7EYipz
 2L5Cxduw6lGLAPCPgw5niOfyBBX9BRoMp+q3TBuKsDycbIHmF89vzYx2N66iLaVJjN+b
 l2eYF2pjDAVoJ22Wr11/1edLSZfmBXEeQbF//gpUGi755ltM2GjshwCGICzfXlyIq98v
 gNWRcWWJGBL08WG1dn6VDyN5Dqs+RwalGnDPi1dBHQfbJQX1zEGCRaKFppcfqoiNf39B
 GhQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:arc-authentication-results;
 bh=fx8gO0NkYIsJIipHW+OVWUluFn6+eU6welLReTQpWRM=;
 b=fe7DpdcNGwQzFQkA3rm53X49XXHw9RxF0MjYPDp29VIawwYEcCOelfowt0nhguHMwm
 vDPhyLwIp6JFTiAlaAjL5ql87qVLx0j8y9RJ50kRYWdYvV1qSdTTCFcJ819RnRR4za9Z
 ERVjLwf3j2ZyRoUqQiL4yDuBwox83+Su27vtrESVj0LJSLoyGGZqnZD1vX/NGb/81Sk/
 xDB6TK6wmlhI9KwXbxQEJ6b9c1N04Sp8pIPvefFCxjycTdVxQsdjy9BWezF0S53lnWBI
 R7Nhgdy9/whmWV2B3hcKZDF7Q0nMLg9XsuJ0+W78vov4t+9BKjwz75URsjxx3a6gxTtR
 TKow==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id
 r197si1420369ior.186.2018.02.02.02.17.36
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 02:17:37 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehYN0-0006GF-TJ; Fri, 02 Feb 2018 10:14:58 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=zyhe=e4=arm.com=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehYMz-0006Fd-Ta
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 10:14:57 +0000
X-Inumbo-ID: e11d0366-0801-11e8-ba59-bc764e045a96
Received: from foss.arm.com (unknown [217.140.101.70])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTP
 id e11d0366-0801-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 11:14:40 +0100 (CET)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CE4E615AD;
 Fri,  2 Feb 2018 02:14:56 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com
 [10.1.206.53])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 BF8B53F487; Fri,  2 Feb 2018 02:14:55 -0800 (PST)
From: Julien Grall <julien.grall@arm.com>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 10:14:44 +0000
Message-Id: <20180202101444.3510-5-julien.grall@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202101444.3510-1-julien.grall@arm.com>
References: <20180202101444.3510-1-julien.grall@arm.com>
Cc: andrew.cooper3@citrix.com, Julien Grall <julien.grall@arm.com>,
 sstabellini@kernel.org, andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v3 4/4] xen/arm: Don't crash the domain on
 invalid HVC immediate
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

domain_crash_synchronous() should only be used when something went wrong
in Xen. It is better to inject to the guest as it will be in a better
position to provide helpful information (stack trace...).

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---

    We potentially want to return -1 instead. This would make Xen more
    future-proof if we decide to implement the other HVC immediate.

    Changes in v2:
        - Add Stefano's reviewed-by
---
 xen/arch/arm/traps.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 1e85f99ec1..1cba7e584d 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -1471,14 +1471,17 @@ static void do_debug_trap(struct cpu_user_regs *regs, unsigned int code)
 #endif
 
 static void do_trap_hypercall(struct cpu_user_regs *regs, register_t *nr,
-                              unsigned long iss)
+                              const union hsr hsr)
 {
     arm_hypercall_fn_t call = NULL;
 
     BUILD_BUG_ON(NR_hypercalls < ARRAY_SIZE(arm_hypercall_table) );
 
-    if ( iss != XEN_HYPERCALL_TAG )
-        domain_crash_synchronous();
+    if ( hsr.iss != XEN_HYPERCALL_TAG )
+    {
+        gprintk(XENLOG_WARNING, "Invalid HVC imm 0x%x\n", hsr.iss);
+        return inject_undef_exception(regs, hsr);
+    }
 
     if ( *nr >= ARRAY_SIZE(arm_hypercall_table) )
     {
@@ -2109,7 +2112,7 @@ void do_trap_guest_sync(struct cpu_user_regs *regs)
         if ( hsr.iss == 0 )
             return do_trap_hvc_smccc(regs);
         nr = regs->r12;
-        do_trap_hypercall(regs, &nr, hsr.iss);
+        do_trap_hypercall(regs, &nr, hsr);
         regs->r12 = (uint32_t)nr;
         break;
     }
@@ -2123,7 +2126,7 @@ void do_trap_guest_sync(struct cpu_user_regs *regs)
 #endif
         if ( hsr.iss == 0 )
             return do_trap_hvc_smccc(regs);
-        do_trap_hypercall(regs, &regs->x16, hsr.iss);
+        do_trap_hypercall(regs, &regs->x16, hsr);
         break;
     case HSR_EC_SMC64:
         /*