[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging-4.16] xen/arm64: Zero the top 32 bits of gp registers on entry...



commit 04c7cc2b79053e7d358631d3450bf1b35fbc5f8d
Author:     Michal Orzel <michal.orzel@xxxxxxx>
AuthorDate: Fri Dec 17 08:21:59 2021 +0100
Commit:     Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
CommitDate: Thu Mar 10 09:41:19 2022 -0800

    xen/arm64: Zero the top 32 bits of gp registers on entry...
    
    to hypervisor when switching from AArch32 state.
    
    According to section D1.20.2 of Arm Arm(DDI 0487A.j):
    "If the general-purpose register was accessible from AArch32 state the
    upper 32 bits either become zero, or hold the value that the same
    architectural register held before any AArch32 execution.
    The choice between these two options is IMPLEMENTATION DEFINED"
    
    Currently Xen does not ensure that the top 32 bits are zeroed and this
    needs to be fixed. The reason why is that there are places in Xen
    where we assume that top 32bits are zero for AArch32 guests.
    If they are not, this can lead to misinterpretation of Xen regarding
    what the guest requested. For example hypercalls returning an error
    encoded in a signed long like do_sched_op, do_hmv_op, do_memory_op
    would return -ENOSYS if the command passed as the first argument was
    clobbered.
    
    Create a macro clobber_gp_top_halves to clobber top 32 bits of gp
    registers when hyp == 0 (guest mode) and compat == 1 (AArch32 mode).
    Add a compile time check to ensure that save_x0_x1 == 1 if
    compat == 1.
    
    Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
    [julieng: Tweak the comment in clobber_gp_top_halves]
    Acked-by: Julien Grall <jgrall@xxxxxxxxxx>
    (cherry picked from commit 32365f3476ac4655f2f26111cd7879912808cd77)
---
 xen/arch/arm/arm64/entry.S | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S
index cf7b9d826f..95f1a92684 100644
--- a/xen/arch/arm/arm64/entry.S
+++ b/xen/arch/arm/arm64/entry.S
@@ -102,6 +102,30 @@
         .endif
 
         .endm
+
+/*
+ * Clobber top 32 bits of gp registers when switching from AArch32
+ */
+        .macro clobber_gp_top_halves, compat, save_x0_x1
+
+        .if \compat == 1      /* AArch32 mode */
+
+        /*
+         * At the moment, no-one is using save_x0_x1 == 0 with compat == 1.
+         * So the code is not handling it to simplify the implementation.
+         */
+        .if \save_x0_x1 == 0
+        .error "save_x0_x1 is 0 but compat is 1"
+        .endif
+
+        .irp 
n,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30
+        mov w\n, w\n
+        .endr
+
+        .endif
+
+        .endm
+
 /*
  * Save state on entry to hypervisor, restore on exit
  *
@@ -111,6 +135,11 @@
  */
         .macro  entry, hyp, compat, save_x0_x1=1
         sub     sp, sp, #(UREGS_SPSR_el1 - UREGS_LR) /* CPSR, PC, SP, LR */
+
+        .if \hyp == 0         /* Guest mode */
+        clobber_gp_top_halves compat=\compat, save_x0_x1=\save_x0_x1
+        .endif
+
         push    x28, x29
         push    x26, x27
         push    x24, x25
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.16



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.