* [PATCH 0/3] xen/arm: Survive unknown traps from guests
@ 2017-05-04 17:54 Julien Grall
2017-05-04 17:54 ` [PATCH 1/3] xen/arm: arm32: Rename the trap to the correct name Julien Grall
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: Julien Grall @ 2017-05-04 17:54 UTC (permalink / raw)
To: xen-devel; +Cc: Julien Grall, sstabellini
Hi all,
This small patch series ensure that Xen will not die when receiving unknown
trap from the guests. I am not aware of any issue with platform we currently
support, so I am not sure whether it would be Xen 4.9 material.
Cheers,
Julien Grall (3):
xen/arm: arm32: Rename the trap to the correct name
xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps
xen/arm: Survive unknown traps from guests
xen/arch/arm/arm32/entry.S | 8 ++++----
xen/arch/arm/arm32/traps.c | 4 ++--
xen/arch/arm/arm64/entry.S | 6 +++---
xen/arch/arm/traps.c | 18 +++++++++++++++++-
4 files changed, 26 insertions(+), 10 deletions(-)
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 1/3] xen/arm: arm32: Rename the trap to the correct name
2017-05-04 17:54 [PATCH 0/3] xen/arm: Survive unknown traps from guests Julien Grall
@ 2017-05-04 17:54 ` Julien Grall
2017-05-04 18:57 ` Stefano Stabellini
2017-05-04 17:54 ` [PATCH 2/3] xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps Julien Grall
2017-05-04 17:54 ` [PATCH 3/3] xen/arm: Survive unknown traps from guests Julien Grall
2 siblings, 1 reply; 10+ messages in thread
From: Julien Grall @ 2017-05-04 17:54 UTC (permalink / raw)
To: xen-devel; +Cc: Julien Grall, sstabellini
Per Table B1-3 in ARM DDI 0406C.c, the vector 0x8 for hyp is called
"Hypervisor Call".
Signed-off-by: Julien Grall <julien.grall@arm.com>
---
xen/arch/arm/arm32/entry.S | 4 ++--
xen/arch/arm/arm32/traps.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
index 2b04a99664..05733089f7 100644
--- a/xen/arch/arm/arm32/entry.S
+++ b/xen/arch/arm/arm32/entry.S
@@ -149,7 +149,7 @@ trap_##trap: \
GLOBAL(hyp_traps_vector)
.word 0 /* 0x00 - Reset */
b trap_undefined_instruction /* 0x04 - Undefined Instruction */
- b trap_supervisor_call /* 0x08 - Supervisor Call */
+ b trap_hypervisor_call /* 0x08 - Hypervisor Call */
b trap_prefetch_abort /* 0x0c - Prefetch Abort */
b trap_data_abort /* 0x10 - Data Abort */
b trap_hypervisor /* 0x14 - Hypervisor */
@@ -157,7 +157,7 @@ GLOBAL(hyp_traps_vector)
b trap_fiq /* 0x1c - FIQ */
DEFINE_TRAP_ENTRY(undefined_instruction)
-DEFINE_TRAP_ENTRY(supervisor_call)
+DEFINE_TRAP_ENTRY(hypervisor_call)
DEFINE_TRAP_ENTRY(prefetch_abort)
DEFINE_TRAP_ENTRY(hypervisor)
DEFINE_TRAP_ENTRY_NOIRQ(irq)
diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c
index 5bc5f64d86..e75836792a 100644
--- a/xen/arch/arm/arm32/traps.c
+++ b/xen/arch/arm/arm32/traps.c
@@ -50,9 +50,9 @@ die:
do_unexpected_trap("Undefined Instruction", regs);
}
-asmlinkage void do_trap_supervisor_call(struct cpu_user_regs *regs)
+asmlinkage void do_trap_hypervisor_call(struct cpu_user_regs *regs)
{
- do_unexpected_trap("Supervisor Call", regs);
+ do_unexpected_trap("Hypervisor Call", regs);
}
asmlinkage void do_trap_prefetch_abort(struct cpu_user_regs *regs)
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 2/3] xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps
2017-05-04 17:54 [PATCH 0/3] xen/arm: Survive unknown traps from guests Julien Grall
2017-05-04 17:54 ` [PATCH 1/3] xen/arm: arm32: Rename the trap to the correct name Julien Grall
@ 2017-05-04 17:54 ` Julien Grall
2017-05-04 18:03 ` Andrew Cooper
2017-05-04 19:13 ` Stefano Stabellini
2017-05-04 17:54 ` [PATCH 3/3] xen/arm: Survive unknown traps from guests Julien Grall
2 siblings, 2 replies; 10+ messages in thread
From: Julien Grall @ 2017-05-04 17:54 UTC (permalink / raw)
To: xen-devel; +Cc: Julien Grall, sstabellini
The function do_trap_hypervisor is currently handling both trap coming
from the hypervisor and the guest. This makes difficult to get specific
behavior when a trap is coming from either the guest or the hypervisor.
Split the function into two parts:
- do_trap_guest_sync to handle guest traps
- do_trap_hyp_sync to handle hypervisor traps
On AArch32, the Hyp Trap Exception provides the standard mechanism for
trapping Guest OS functions to the hypervisor (see B1.14.1 in ARM DDI
0406C.c). It cannot be generated when generated when the processor is in
Hyp Mode, instead other exception will be used. So it is fine to replace
the call to do_trap_hypervisor by do_trap_guest_sync.
For AArch64, there are two distincts exception depending whether the
exception was taken from the current level (hypervisor) or lower level
(guest).
Signed-off-by: Julien Grall <julien.grall@arm.com>
---
xen/arch/arm/arm32/entry.S | 4 ++--
xen/arch/arm/arm64/entry.S | 6 +++---
xen/arch/arm/traps.c | 17 ++++++++++++++++-
3 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
index 05733089f7..120922e64e 100644
--- a/xen/arch/arm/arm32/entry.S
+++ b/xen/arch/arm/arm32/entry.S
@@ -152,14 +152,14 @@ GLOBAL(hyp_traps_vector)
b trap_hypervisor_call /* 0x08 - Hypervisor Call */
b trap_prefetch_abort /* 0x0c - Prefetch Abort */
b trap_data_abort /* 0x10 - Data Abort */
- b trap_hypervisor /* 0x14 - Hypervisor */
+ b trap_guest_sync /* 0x14 - Hypervisor */
b trap_irq /* 0x18 - IRQ */
b trap_fiq /* 0x1c - FIQ */
DEFINE_TRAP_ENTRY(undefined_instruction)
DEFINE_TRAP_ENTRY(hypervisor_call)
DEFINE_TRAP_ENTRY(prefetch_abort)
-DEFINE_TRAP_ENTRY(hypervisor)
+DEFINE_TRAP_ENTRY(guest_sync)
DEFINE_TRAP_ENTRY_NOIRQ(irq)
DEFINE_TRAP_ENTRY_NOIRQ(fiq)
DEFINE_TRAP_ENTRY_NOABORT(data_abort)
diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S
index 137e67c674..06afc8a4e4 100644
--- a/xen/arch/arm/arm64/entry.S
+++ b/xen/arch/arm/arm64/entry.S
@@ -189,7 +189,7 @@ hyp_sync:
entry hyp=1
msr daifclr, #6
mov x0, sp
- bl do_trap_hypervisor
+ bl do_trap_hyp_sync
exit hyp=1
hyp_irq:
@@ -211,7 +211,7 @@ guest_sync:
SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT)
msr daifclr, #6
mov x0, sp
- bl do_trap_hypervisor
+ bl do_trap_guest_sync
1:
exit hyp=0, compat=0
@@ -254,7 +254,7 @@ guest_sync_compat:
SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT)
msr daifclr, #6
mov x0, sp
- bl do_trap_hypervisor
+ bl do_trap_guest_sync
1:
exit hyp=0, compat=1
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 6010c96c54..c8ce62ff96 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -2805,7 +2805,7 @@ static void enter_hypervisor_head(struct cpu_user_regs *regs)
}
}
-asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
+asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs)
{
const union hsr hsr = { .bits = regs->hsr };
@@ -2925,6 +2925,21 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
do_trap_data_abort_guest(regs, hsr);
break;
+ default:
+ printk("Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
+ hsr.bits, hsr.ec, hsr.len, hsr.iss);
+ do_unexpected_trap("Guest", regs);
+ }
+}
+
+asmlinkage void do_trap_hyp_sync(struct cpu_user_regs *regs)
+{
+ const union hsr hsr = { .bits = regs->hsr };
+
+ enter_hypervisor_head(regs);
+
+ switch ( hsr.ec )
+ {
#ifdef CONFIG_ARM_64
case HSR_EC_BRK:
do_trap_brk(regs, hsr);
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 3/3] xen/arm: Survive unknown traps from guests
2017-05-04 17:54 [PATCH 0/3] xen/arm: Survive unknown traps from guests Julien Grall
2017-05-04 17:54 ` [PATCH 1/3] xen/arm: arm32: Rename the trap to the correct name Julien Grall
2017-05-04 17:54 ` [PATCH 2/3] xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps Julien Grall
@ 2017-05-04 17:54 ` Julien Grall
2017-05-04 19:14 ` Stefano Stabellini
2 siblings, 1 reply; 10+ messages in thread
From: Julien Grall @ 2017-05-04 17:54 UTC (permalink / raw)
To: xen-devel; +Cc: Mark Rutland, Julien Grall, sstabellini
Currently we crash Xen if we see an ESR_EL2.EC value we don't recognise.
As configurable disables/enables are added to the architecture
(controlled by RES1/RESO bits respectively), with associated synchronous
exceptions, it may be possible for a guest to trigger exceptions with
classes that we don't recognise.
While we can't service these exceptions in a manner useful to the guest,
we can avoid bringing down the host. Per ARM DDI 0487A.k_iss10775, page
D7-1937, EC values within the range 0x00 - 0x2c are reserved for future
use with synchronous exceptions, and EC within the range 0x2d - 0x3f may
be used for either synchronous or asynchronous exceptions.
The patch makes Xen handle any unknown EC by injecting an UNDEFINED
exception into the guest, with a corresponding (ratelimited) warning in
the log.
This patch is based on Linux commit f050fe7a9164 "arm: KVM: Survive unknown
traps from the guest".
Signed-off-by: Julien Grall <julien.grall@arm.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
---
xen/arch/arm/traps.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index c8ce62ff96..c0203da097 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -2926,9 +2926,10 @@ asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs)
break;
default:
- printk("Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
- hsr.bits, hsr.ec, hsr.len, hsr.iss);
- do_unexpected_trap("Guest", regs);
+ gprintk(XENLOG_WARNING,
+ "Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
+ hsr.bits, hsr.ec, hsr.len, hsr.iss);
+ inject_undef_exception(regs, hsr);
}
}
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 2/3] xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps
2017-05-04 17:54 ` [PATCH 2/3] xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps Julien Grall
@ 2017-05-04 18:03 ` Andrew Cooper
2017-05-04 18:06 ` Julien Grall
2017-05-04 19:13 ` Stefano Stabellini
1 sibling, 1 reply; 10+ messages in thread
From: Andrew Cooper @ 2017-05-04 18:03 UTC (permalink / raw)
To: Julien Grall, xen-devel; +Cc: sstabellini
On 04/05/17 18:54, Julien Grall wrote:
> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> index 6010c96c54..c8ce62ff96 100644
> --- a/xen/arch/arm/traps.c
> +++ b/xen/arch/arm/traps.c
> @@ -2805,7 +2805,7 @@ static void enter_hypervisor_head(struct cpu_user_regs *regs)
> }
> }
>
> -asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
> +asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs)
> {
> const union hsr hsr = { .bits = regs->hsr };
>
> @@ -2925,6 +2925,21 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
> do_trap_data_abort_guest(regs, hsr);
> break;
>
> + default:
> + printk("Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
Purely cosmetic, but I'd recommend "Unknown Guest Trap ..." or similar.
Simply "Guest Trap" on its own doesn't covey any meaning to a user
reading a console log as to whether is normal or exceptional to
encounter this line.
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 2/3] xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps
2017-05-04 18:03 ` Andrew Cooper
@ 2017-05-04 18:06 ` Julien Grall
0 siblings, 0 replies; 10+ messages in thread
From: Julien Grall @ 2017-05-04 18:06 UTC (permalink / raw)
To: Andrew Cooper, xen-devel; +Cc: sstabellini
Hi Andrew,
On 04/05/17 19:03, Andrew Cooper wrote:
> On 04/05/17 18:54, Julien Grall wrote:
>> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
>> index 6010c96c54..c8ce62ff96 100644
>> --- a/xen/arch/arm/traps.c
>> +++ b/xen/arch/arm/traps.c
>> @@ -2805,7 +2805,7 @@ static void enter_hypervisor_head(struct cpu_user_regs *regs)
>> }
>> }
>>
>> -asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
>> +asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs)
>> {
>> const union hsr hsr = { .bits = regs->hsr };
>>
>> @@ -2925,6 +2925,21 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
>> do_trap_data_abort_guest(regs, hsr);
>> break;
>>
>> + default:
>> + printk("Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
>
> Purely cosmetic, but I'd recommend "Unknown Guest Trap ..." or similar.
>
> Simply "Guest Trap" on its own doesn't covey any meaning to a user
> reading a console log as to whether is normal or exceptional to
> encounter this line.
Good point. I will update it.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/3] xen/arm: arm32: Rename the trap to the correct name
2017-05-04 17:54 ` [PATCH 1/3] xen/arm: arm32: Rename the trap to the correct name Julien Grall
@ 2017-05-04 18:57 ` Stefano Stabellini
0 siblings, 0 replies; 10+ messages in thread
From: Stefano Stabellini @ 2017-05-04 18:57 UTC (permalink / raw)
To: Julien Grall; +Cc: sstabellini, xen-devel
On Thu, 4 May 2017, Julien Grall wrote:
> Per Table B1-3 in ARM DDI 0406C.c, the vector 0x8 for hyp is called
> "Hypervisor Call".
>
> Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
> ---
> xen/arch/arm/arm32/entry.S | 4 ++--
> xen/arch/arm/arm32/traps.c | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
> index 2b04a99664..05733089f7 100644
> --- a/xen/arch/arm/arm32/entry.S
> +++ b/xen/arch/arm/arm32/entry.S
> @@ -149,7 +149,7 @@ trap_##trap: \
> GLOBAL(hyp_traps_vector)
> .word 0 /* 0x00 - Reset */
> b trap_undefined_instruction /* 0x04 - Undefined Instruction */
> - b trap_supervisor_call /* 0x08 - Supervisor Call */
> + b trap_hypervisor_call /* 0x08 - Hypervisor Call */
> b trap_prefetch_abort /* 0x0c - Prefetch Abort */
> b trap_data_abort /* 0x10 - Data Abort */
> b trap_hypervisor /* 0x14 - Hypervisor */
> @@ -157,7 +157,7 @@ GLOBAL(hyp_traps_vector)
> b trap_fiq /* 0x1c - FIQ */
>
> DEFINE_TRAP_ENTRY(undefined_instruction)
> -DEFINE_TRAP_ENTRY(supervisor_call)
> +DEFINE_TRAP_ENTRY(hypervisor_call)
> DEFINE_TRAP_ENTRY(prefetch_abort)
> DEFINE_TRAP_ENTRY(hypervisor)
> DEFINE_TRAP_ENTRY_NOIRQ(irq)
> diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c
> index 5bc5f64d86..e75836792a 100644
> --- a/xen/arch/arm/arm32/traps.c
> +++ b/xen/arch/arm/arm32/traps.c
> @@ -50,9 +50,9 @@ die:
> do_unexpected_trap("Undefined Instruction", regs);
> }
>
> -asmlinkage void do_trap_supervisor_call(struct cpu_user_regs *regs)
> +asmlinkage void do_trap_hypervisor_call(struct cpu_user_regs *regs)
> {
> - do_unexpected_trap("Supervisor Call", regs);
> + do_unexpected_trap("Hypervisor Call", regs);
> }
>
> asmlinkage void do_trap_prefetch_abort(struct cpu_user_regs *regs)
> --
> 2.11.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 2/3] xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps
2017-05-04 17:54 ` [PATCH 2/3] xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps Julien Grall
2017-05-04 18:03 ` Andrew Cooper
@ 2017-05-04 19:13 ` Stefano Stabellini
1 sibling, 0 replies; 10+ messages in thread
From: Stefano Stabellini @ 2017-05-04 19:13 UTC (permalink / raw)
To: Julien Grall; +Cc: sstabellini, xen-devel
On Thu, 4 May 2017, Julien Grall wrote:
> The function do_trap_hypervisor is currently handling both trap coming
> from the hypervisor and the guest. This makes difficult to get specific
> behavior when a trap is coming from either the guest or the hypervisor.
>
> Split the function into two parts:
> - do_trap_guest_sync to handle guest traps
> - do_trap_hyp_sync to handle hypervisor traps
>
> On AArch32, the Hyp Trap Exception provides the standard mechanism for
> trapping Guest OS functions to the hypervisor (see B1.14.1 in ARM DDI
> 0406C.c). It cannot be generated when generated when the processor is in
^ remove
> Hyp Mode, instead other exception will be used. So it is fine to replace
> the call to do_trap_hypervisor by do_trap_guest_sync.
>
> For AArch64, there are two distincts exception depending whether the
> exception was taken from the current level (hypervisor) or lower level
> (guest).
>
> Signed-off-by: Julien Grall <julien.grall@arm.com>
> ---
> xen/arch/arm/arm32/entry.S | 4 ++--
> xen/arch/arm/arm64/entry.S | 6 +++---
> xen/arch/arm/traps.c | 17 ++++++++++++++++-
> 3 files changed, 21 insertions(+), 6 deletions(-)
>
> diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
> index 05733089f7..120922e64e 100644
> --- a/xen/arch/arm/arm32/entry.S
> +++ b/xen/arch/arm/arm32/entry.S
> @@ -152,14 +152,14 @@ GLOBAL(hyp_traps_vector)
> b trap_hypervisor_call /* 0x08 - Hypervisor Call */
> b trap_prefetch_abort /* 0x0c - Prefetch Abort */
> b trap_data_abort /* 0x10 - Data Abort */
> - b trap_hypervisor /* 0x14 - Hypervisor */
> + b trap_guest_sync /* 0x14 - Hypervisor */
> b trap_irq /* 0x18 - IRQ */
> b trap_fiq /* 0x1c - FIQ */
>
> DEFINE_TRAP_ENTRY(undefined_instruction)
> DEFINE_TRAP_ENTRY(hypervisor_call)
> DEFINE_TRAP_ENTRY(prefetch_abort)
> -DEFINE_TRAP_ENTRY(hypervisor)
> +DEFINE_TRAP_ENTRY(guest_sync)
> DEFINE_TRAP_ENTRY_NOIRQ(irq)
> DEFINE_TRAP_ENTRY_NOIRQ(fiq)
> DEFINE_TRAP_ENTRY_NOABORT(data_abort)
> diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S
> index 137e67c674..06afc8a4e4 100644
> --- a/xen/arch/arm/arm64/entry.S
> +++ b/xen/arch/arm/arm64/entry.S
> @@ -189,7 +189,7 @@ hyp_sync:
> entry hyp=1
> msr daifclr, #6
> mov x0, sp
> - bl do_trap_hypervisor
> + bl do_trap_hyp_sync
> exit hyp=1
>
> hyp_irq:
> @@ -211,7 +211,7 @@ guest_sync:
> SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT)
> msr daifclr, #6
> mov x0, sp
> - bl do_trap_hypervisor
> + bl do_trap_guest_sync
> 1:
> exit hyp=0, compat=0
>
> @@ -254,7 +254,7 @@ guest_sync_compat:
> SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT)
> msr daifclr, #6
> mov x0, sp
> - bl do_trap_hypervisor
> + bl do_trap_guest_sync
> 1:
> exit hyp=0, compat=1
>
> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> index 6010c96c54..c8ce62ff96 100644
> --- a/xen/arch/arm/traps.c
> +++ b/xen/arch/arm/traps.c
> @@ -2805,7 +2805,7 @@ static void enter_hypervisor_head(struct cpu_user_regs *regs)
> }
> }
>
> -asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
> +asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs)
> {
> const union hsr hsr = { .bits = regs->hsr };
>
> @@ -2925,6 +2925,21 @@ asmlinkage void do_trap_hypervisor(struct cpu_user_regs *regs)
> do_trap_data_abort_guest(regs, hsr);
> break;
>
> + default:
> + printk("Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
> + hsr.bits, hsr.ec, hsr.len, hsr.iss);
> + do_unexpected_trap("Guest", regs);
Given that this is a guest trap, I am wondering if panicing is actually
the correct behavior here.
> + }
> +}
> +
> +asmlinkage void do_trap_hyp_sync(struct cpu_user_regs *regs)
> +{
> + const union hsr hsr = { .bits = regs->hsr };
> +
> + enter_hypervisor_head(regs);
> +
> + switch ( hsr.ec )
> + {
> #ifdef CONFIG_ARM_64
> case HSR_EC_BRK:
> do_trap_brk(regs, hsr);
> --
> 2.11.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 3/3] xen/arm: Survive unknown traps from guests
2017-05-04 17:54 ` [PATCH 3/3] xen/arm: Survive unknown traps from guests Julien Grall
@ 2017-05-04 19:14 ` Stefano Stabellini
2017-05-04 19:18 ` Julien Grall
0 siblings, 1 reply; 10+ messages in thread
From: Stefano Stabellini @ 2017-05-04 19:14 UTC (permalink / raw)
To: Julien Grall; +Cc: Mark Rutland, sstabellini, xen-devel
On Thu, 4 May 2017, Julien Grall wrote:
> Currently we crash Xen if we see an ESR_EL2.EC value we don't recognise.
> As configurable disables/enables are added to the architecture
> (controlled by RES1/RESO bits respectively), with associated synchronous
> exceptions, it may be possible for a guest to trigger exceptions with
> classes that we don't recognise.
>
> While we can't service these exceptions in a manner useful to the guest,
> we can avoid bringing down the host. Per ARM DDI 0487A.k_iss10775, page
> D7-1937, EC values within the range 0x00 - 0x2c are reserved for future
> use with synchronous exceptions, and EC within the range 0x2d - 0x3f may
> be used for either synchronous or asynchronous exceptions.
>
> The patch makes Xen handle any unknown EC by injecting an UNDEFINED
> exception into the guest, with a corresponding (ratelimited) warning in
> the log.
>
> This patch is based on Linux commit f050fe7a9164 "arm: KVM: Survive unknown
> traps from the guest".
>
> Signed-off-by: Julien Grall <julien.grall@arm.com>
> Acked-by: Mark Rutland <mark.rutland@arm.com>
> ---
> xen/arch/arm/traps.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> index c8ce62ff96..c0203da097 100644
> --- a/xen/arch/arm/traps.c
> +++ b/xen/arch/arm/traps.c
> @@ -2926,9 +2926,10 @@ asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs)
> break;
>
> default:
> - printk("Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
> - hsr.bits, hsr.ec, hsr.len, hsr.iss);
> - do_unexpected_trap("Guest", regs);
> + gprintk(XENLOG_WARNING,
> + "Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
> + hsr.bits, hsr.ec, hsr.len, hsr.iss);
> + inject_undef_exception(regs, hsr);
> }
> }
I see you addressed my previous comment in this patch :-)
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 3/3] xen/arm: Survive unknown traps from guests
2017-05-04 19:14 ` Stefano Stabellini
@ 2017-05-04 19:18 ` Julien Grall
0 siblings, 0 replies; 10+ messages in thread
From: Julien Grall @ 2017-05-04 19:18 UTC (permalink / raw)
To: Stefano Stabellini; +Cc: Mark Rutland, xen-devel
On 05/04/2017 08:14 PM, Stefano Stabellini wrote:
> On Thu, 4 May 2017, Julien Grall wrote:
>> Currently we crash Xen if we see an ESR_EL2.EC value we don't recognise.
>> As configurable disables/enables are added to the architecture
>> (controlled by RES1/RESO bits respectively), with associated synchronous
>> exceptions, it may be possible for a guest to trigger exceptions with
>> classes that we don't recognise.
>>
>> While we can't service these exceptions in a manner useful to the guest,
>> we can avoid bringing down the host. Per ARM DDI 0487A.k_iss10775, page
>> D7-1937, EC values within the range 0x00 - 0x2c are reserved for future
>> use with synchronous exceptions, and EC within the range 0x2d - 0x3f may
>> be used for either synchronous or asynchronous exceptions.
>>
>> The patch makes Xen handle any unknown EC by injecting an UNDEFINED
>> exception into the guest, with a corresponding (ratelimited) warning in
>> the log.
>>
>> This patch is based on Linux commit f050fe7a9164 "arm: KVM: Survive unknown
>> traps from the guest".
>>
>> Signed-off-by: Julien Grall <julien.grall@arm.com>
>> Acked-by: Mark Rutland <mark.rutland@arm.com>
>> ---
>> xen/arch/arm/traps.c | 7 ++++---
>> 1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
>> index c8ce62ff96..c0203da097 100644
>> --- a/xen/arch/arm/traps.c
>> +++ b/xen/arch/arm/traps.c
>> @@ -2926,9 +2926,10 @@ asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs)
>> break;
>>
>> default:
>> - printk("Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
>> - hsr.bits, hsr.ec, hsr.len, hsr.iss);
>> - do_unexpected_trap("Guest", regs);
>> + gprintk(XENLOG_WARNING,
>> + "Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
>> + hsr.bits, hsr.ec, hsr.len, hsr.iss);
>> + inject_undef_exception(regs, hsr);
>> }
>> }
>
> I see you addressed my previous comment in this patch :-)
I wanted to keep the actual behavior in the previous patch (e.g panicing
on unknown traps). I will have to resend the series to address Andrew's
comment, so I can mention it in the commit message.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2017-05-04 19:18 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-04 17:54 [PATCH 0/3] xen/arm: Survive unknown traps from guests Julien Grall
2017-05-04 17:54 ` [PATCH 1/3] xen/arm: arm32: Rename the trap to the correct name Julien Grall
2017-05-04 18:57 ` Stefano Stabellini
2017-05-04 17:54 ` [PATCH 2/3] xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps Julien Grall
2017-05-04 18:03 ` Andrew Cooper
2017-05-04 18:06 ` Julien Grall
2017-05-04 19:13 ` Stefano Stabellini
2017-05-04 17:54 ` [PATCH 3/3] xen/arm: Survive unknown traps from guests Julien Grall
2017-05-04 19:14 ` Stefano Stabellini
2017-05-04 19:18 ` Julien Grall
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.