Xen project Mailing List

[XEN v2] GICv3: Emulate GICR_PENDBASER correctly for 32 bit guests

From: Ayan Kumar Halder <ayankuma@xxxxxxx>

Date: Mon, 24 Oct 2022 20:30:02 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=My2CdENgSSvX0A0wOdfMQ6XHEcFLH5icgIUZaNeQLPY=; b=dSPxSeIgXsK3L7/qtnwYieHWaypCaXsZhoRQ93m20+ZjmAP+IPaPGyleBrbNki4flX/5Ao8diahbBlfxDeVyqMoRcBdsq/Jbzn1K8RtRIdlZwiJ9DlN03g14Z59zvkEfCHKgVpUoblRA3CrhpcPBIy0AhLlM8xqoup98uU6nAFf46QW9GeR7R8qEStMeKuPUpd8G3BooBmm/lZ1L2NPdkF2wq0/+p+OPySnR8mhEDN77/hgzqQmRMFlAkVt1NIr7zbHj+0PgV+XmlA37u8+V7if65Wgrtoa+rlEuwvmEDTRb38aUqsOJQ+HL6pZCGsoL7ch2S4CMZo8Tt5wJzxValg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WrY444qC/OTxm+yZmQvZDFYiqxCHPZJ3CuiN0vr5kKuX8u0iITPVPw/nrdA8DWEfdl0QCPuH74dM8eJvXPpBzvrJYQrpT7QwuEe25cs2K3vPxGc7Z1vC4l7nrZ4S7qA45lB3fyXirqbSIMJHpnLh8zdFb4nTDvGanZ5UpiXsPyESsPPlLskf0keAfrfFbX3t+0sA2GljDZHF0GX196hajzKx3Oh5G354Ms2ycltAWuiEO7PDnfk/G1V+n+vMDlw5KbScQMgfwcv+KqZ94XckoOhntire2lBuvdhnuwYMgyW/pESCwCZVMibN+XUkXab60GYnvs7rDjkKumu14Sjr3g==

Cc: <sstabellini@xxxxxxxxxx>, <stefanos@xxxxxxxxxx>, <julien@xxxxxxx>, <Volodymyr_Babchuk@xxxxxxxx>, <bertrand.marquis@xxxxxxx>, <andre.przywara@xxxxxxx>, Ayan Kumar Halder <ayankuma@xxxxxxx>

Delivery-date: Mon, 24 Oct 2022 19:30:31 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

If a guest is running in 32 bit mode and it tries to access "GICR_PENDBASER + 4" mmio reg, it will be trapped to Xen. vreg_reg64_extract() will return the value stored "v->arch.vgic.rdist_pendbase + 4". This will be stored in a 32bit register. The 32bit register is then modified bitwise with a mask (ie GICR_PENDBASER_PTZ, it clears the 62nd bit) which is greater than 32 bits. This will give an incorrect result. The correct thing to do here is to store the value of "v->arch.vgic.rdist_pendbase" in a temporary 64 bit variable. This variable is then modified bitwise with GICR_PENDBASER_PTZ mask. It is then passed to vreg_reg64_extract() which will extract 32 bits from the given offset. Fixes: fe7fa1332dabd9ce4 ("ARM: vGICv3: handle virtual LPI pending and property tables") Signed-off-by: Ayan Kumar Halder <ayankuma@xxxxxxx> --- Changes from:- v1 - 1. Extracted this fix from "[RFC PATCH v1 05/12] Arm: GICv3: Emulate GICR_PENDBASER and GICR_PROPBASER on AArch32" into a separate patch with an appropriate commit message. xen/arch/arm/vgic-v3.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c index 0c23f6df9d..7930ab6330 100644 --- a/xen/arch/arm/vgic-v3.c +++ b/xen/arch/arm/vgic-v3.c @@ -250,14 +250,16 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info, case VREG64(GICR_PENDBASER): { unsigned long flags; + uint64_t val; if ( !v->domain->arch.vgic.has_its ) goto read_as_zero_64; if ( !vgic_reg64_check_access(dabt) ) goto bad_width; spin_lock_irqsave(&v->arch.vgic.lock, flags); - *r = vreg_reg64_extract(v->arch.vgic.rdist_pendbase, info); - *r &= ~GICR_PENDBASER_PTZ; /* WO, reads as 0 */ + val = v->arch.vgic.rdist_pendbase; + val &= ~GICR_PENDBASER_PTZ; /* WO, reads as 0 */ + *r = vreg_reg64_extract(val, info); spin_unlock_irqrestore(&v->arch.vgic.lock, flags); return 1; } -- 2.17.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.