From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Ian Campbell
Subject: Re: [PATCH 4/9] xen: arm: turn vtimer traps for cp32/64 and sysreg into #undef
Date: Wed, 10 Sep 2014 10:46:27 +0100
Message-ID: <1410342387.8217.272.camel@kazak.uk.xensource.com>
References: <1410279730.8217.238.camel@kazak.uk.xensource.com> <1410279788-27167-4-git-send-email-ian.campbell@citrix.com> <540F8DC3.3050305@linaro.org>
In-Reply-To: <540F8DC3.3050305@linaro.org>
To: Julien Grall
Cc: stefano.stabellini@eu.citrix.com, tim@xen.org, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On Tue, 2014-09-09 at 16:31 -0700, Julien Grall wrote:
> Hi Ian,
>
> On 09/09/14 09:23, Ian Campbell wrote:
> > We have allowed EL1 to access these registers directly for some time
> > (at least since 4.3.0). They were only ever trapped to support very
> > early models which had a buggy hypervisor timer, requiring us to use
> > the phys timer for Xen itself.
> > In the interests of minimising the patch for the security update just
> > remove the call to vtimer_emulate and inject an #undef exception. In
> > practice we will never see any of these traps.
>
> I disagree with the commit message, a guest may use the physical timer
> rather than the virtual timer. It's the case when a guest doesn't have
> the necessary code to use the virtual timer.

I think you've misunderstood. The guest is allowed direct access to the
physical timer ever since we removed the workaround for the buggy
hypervisor timer on the models. Hence we are never trapping these
registers anyway.

Probably I should go further here and actually remove all the phys timer
emulation support from vtimer.c.

> Hence, the guest could decide to let the userspace access CNTPCT_EL0
> (see CNTKCTL.PL0CTEN). In such a case, the application will be broken on
> a Xen guest.
>
> > Handle CNTPCT_EL0 explicitly for consistency with CNTPCT on 32-bit.
> >
> > Signed-off-by: Ian Campbell
> > ---
> > xen/arch/arm/traps.c | 37 ++++++++++++-------------------------
> > 1 file changed, 12 insertions(+), 25 deletions(-)
> >
> > diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> > index 353e38e..46ed21d 100644
> > --- a/xen/arch/arm/traps.c
> > +++ b/xen/arch/arm/traps.c
> > @@ -1478,13 +1478,8 @@ static void do_cp15_32(struct cpu_user_regs *regs,
> > break;
> > case HSR_CPREG32(CNTP_CTL):
> > case HSR_CPREG32(CNTP_TVAL):
> > - if ( !vtimer_emulate(regs, hsr) )
>
> You dropped every call to vtimer_emulate. It may be interesting to
> remove the related code in vtimer.c.

Yes, I didn't do that when this was going to be a security update to
keep the size of the patch down, but I should do so now though.

Ian.
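
Review bot: in the quoted do_cp15_32 hunk of xen/arch/arm/traps.c, the CNTP_CTL and CNTP_TVAL case labels stay while the vtimer_emulate call under them is removed, and nothing in the visible lines records why a trap on these registers is now answered with #undef. A short comment at those cases, saying that EL1 accesses the physical timer registers directly and that a trap here is therefore unexpected, would keep the reasoning from the commit message next to the code. The diffstat touches only traps.c, so the emulation path in vtimer.c is left without a caller from this handler; either remove it in the same series or say in the commit message that it is deliberately left for a follow-up.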