[PATCH v2] don't pass r12 as reference

[PATCH v2] don't pass r12 as reference

[Stefano Stabellini]

r12 and x16 are of different sizes; when passing r12 as a reference to
do_trap_hypercall on arm64, we end up dereferencing it as a pointer to a
64bit value, but actually it isn't.

Instead, use a temporary variable to pass r12, and write back the result
after the call to do_trap_hypercall.

CID: 1457708
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 013c160..67a68fc 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -2123,6 +2123,9 @@ void do_trap_guest_sync(struct cpu_user_regs *regs)
         do_trap_smc(regs, hsr);
         break;
     case HSR_EC_HVC32:
+    {
+        register_t nr;
+
         GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
         perfc_incr(trap_hvc32);
 #ifndef NDEBUG
@@ -2131,8 +2134,11 @@ void do_trap_guest_sync(struct cpu_user_regs *regs)
 #endif
         if ( hsr.iss == 0 )
             return do_trap_hvc_smccc(regs);
-        do_trap_hypercall(regs, (register_t *)&regs->r12, hsr.iss);
+        nr = regs->r12;
+        do_trap_hypercall(regs, &nr, hsr.iss);
+        regs->r12 = (uint32_t)nr;
         break;
+    }
 #ifdef CONFIG_ARM_64
     case HSR_EC_HVC64:
         GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH v2] don't pass r12 as reference

[Julien Grall]

Hi Stefano,

On 18 January 2018 at 21:48, Stefano Stabellini <sstabellini@kernel.org> wrote:
> r12 and x16 are of different sizes; when passing r12 as a reference to
> do_trap_hypercall on arm64, we end up dereferencing it as a pointer to a
> 64bit value, but actually it isn't.
>
> Instead, use a temporary variable to pass r12, and write back the result
> after the call to do_trap_hypercall.
>
> CID: 1457708
> Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>

Reviewed-by: Julien Grall <julien.grall@linaro.org>

Cheers,

>
> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> index 013c160..67a68fc 100644
> --- a/xen/arch/arm/traps.c
> +++ b/xen/arch/arm/traps.c
> @@ -2123,6 +2123,9 @@ void do_trap_guest_sync(struct cpu_user_regs *regs)
>          do_trap_smc(regs, hsr);
>          break;
>      case HSR_EC_HVC32:
> +    {
> +        register_t nr;
> +
>          GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
>          perfc_incr(trap_hvc32);
>  #ifndef NDEBUG
> @@ -2131,8 +2134,11 @@ void do_trap_guest_sync(struct cpu_user_regs *regs)
>  #endif
>          if ( hsr.iss == 0 )
>              return do_trap_hvc_smccc(regs);
> -        do_trap_hypercall(regs, (register_t *)&regs->r12, hsr.iss);
> +        nr = regs->r12;
> +        do_trap_hypercall(regs, &nr, hsr.iss);
> +        regs->r12 = (uint32_t)nr;
>          break;
> +    }
>  #ifdef CONFIG_ARM_64
>      case HSR_EC_HVC64:
>          GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel