* [PATCH] xen/arm64: ensure that the correct SP is used for exceptions
From: Kyle Temkin @ 2016-04-28 17:14 UTC (permalink / raw)
To: xen-devel; +Cc: julien.grall, sstabellini, Kyle J. Temkin
From: "Kyle J. Temkin" <temkink@ainfosec.com>

The ARMv8 architecture has a SPSel ("stack pointer selection") machine
register that allows us to determine which exception level's stack
pointer is loaded when an exception occurs. As we don't want to
use the non-priveleged SP_EL0 stack pointer -- or even assume that SP_EL0
points to a valid address in the hypervisor context-- we'll need to ensure
that our EL2 code sets the SPSel to SP_ELn mode, so exceptions that trap
to EL2 use the EL2 stack pointer.

This corrects an issue that can manifest as a hang-on-IRQ on some
arm64 cores if the firmware/bootloader has previously initialized SPSel
to 0; in which case Xen's exceptions will incorrectly use an invalid SP_EL0,
and will endlessly spin on the synchronous abort handler.

Signed-off-by: Kyle Temkin <temkink@ainfosec.com>
---
xen/arch/arm/arm64/head.S | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S
index 946e2c9..d5831f2 100644
--- a/xen/arch/arm/arm64/head.S
+++ b/xen/arch/arm/arm64/head.S
@@ -361,6 +361,11 @@ skip_bss:
ldr x0, =(HSCTLR_BASE)
msr SCTLR_EL2, x0
+ /* Ensure that any exceptions encountered at EL2
+ * are handled using the EL2 stack pointer, rather
+ * than SP_EL0. */
+ msr spsel, #1
+
/* Rebuild the boot pagetable's first-level entries. The structure
* is described in mm.c.
*
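Review bot: The `msr spsel, #1` is placed only after the `msr SCTLR_EL2, x0` write under skip_bss, so any exception taken earlier in head.S still runs with whatever SPSel the firmware or bootloader left, which is the very condition the commit message describes. Consider moving the write to the start of the EL2 entry path. Please also confirm that sp is first loaded after this instruction, because a value written to sp while SPSel is 0 goes to SP_EL0 and is not the stack pointer in use once SPSel is 1. The new comment says what the instruction does but not why it is needed; stating that firmware may hand over with SPSel set to 0 would save the next reader from looking up the commit.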
--
2.7.2
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
* Re: [PATCH] xen/arm64: ensure that the correct SP is used for exceptions
From: Julien Grall @ 2016-05-03 10:43 UTC (permalink / raw)
To: Kyle Temkin, xen-devel; +Cc: Wei Liu, sstabellini, Kyle J. Temkin
(CC Wei for release-ack)
Hello Kyle,
On 28/04/16 18:14, Kyle Temkin wrote:
> From: "Kyle J. Temkin" <temkink@ainfosec.com>
>
> The ARMv8 architecture has a SPSel ("stack pointer selection") machine
> register that allows us to determine which exception level's stack
> pointer is loaded when an exception occurs. As we don't want to
> use the non-priveleged SP_EL0 stack pointer -- or even assume that SP_EL0
NIT: s/priveleged/privileged/
> points to a valid address in the hypervisor context-- we'll need to ensure
> that our EL2 code sets the SPSel to SP_ELn mode, so exceptions that trap
> to EL2 use the EL2 stack pointer.
>
> This corrects an issue that can manifest as a hang-on-IRQ on some
> arm64 cores if the firmware/bootloader has previously initialized SPSel
> to 0; in which case Xen's exceptions will incorrectly use an invalid SP_EL0,
> and will endlessly spin on the synchronous abort handler.
>
> Signed-off-by: Kyle Temkin <temkink@ainfosec.com>
Reviewed-by: Julien Grall <julien.grall@arm.com>
Wei, this is a bug-fix and I think it should go to Xen 4.7.
We would also need to backport this patch on Xen 4.4 -> Xen 4.6.
Regards,
> ---
> xen/arch/arm/arm64/head.S | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S
> index 946e2c9..d5831f2 100644
> --- a/xen/arch/arm/arm64/head.S
> +++ b/xen/arch/arm/arm64/head.S
> @@ -361,6 +361,11 @@ skip_bss:
> ldr x0, =(HSCTLR_BASE)
> msr SCTLR_EL2, x0
>
> + /* Ensure that any exceptions encountered at EL2
> + * are handled using the EL2 stack pointer, rather
> + * than SP_EL0. */
> + msr spsel, #1
> +
> /* Rebuild the boot pagetable's first-level entries. The structure
> * is described in mm.c.
> *
>
--
Julien Grall
* Re: [PATCH] xen/arm64: ensure that the correct SP is used for exceptions
From: Wei Liu @ 2016-05-03 13:37 UTC (permalink / raw)
To: Julien Grall; +Cc: xen-devel, Kyle Temkin, sstabellini, Kyle J. Temkin, Wei Liu
On Tue, May 03, 2016 at 11:43:34AM +0100, Julien Grall wrote:
> (CC Wei for release-ack)
>
> Hello Kyle,
>
> On 28/04/16 18:14, Kyle Temkin wrote:
> >From: "Kyle J. Temkin" <temkink@ainfosec.com>
> >
> >The ARMv8 architecture has a SPSel ("stack pointer selection") machine
> >register that allows us to determine which exception level's stack
> >pointer is loaded when an exception occurs. As we don't want to
> >use the non-priveleged SP_EL0 stack pointer -- or even assume that SP_EL0
>
> NIT: s/priveleged/privileged/
>
> >points to a valid address in the hypervisor context-- we'll need to ensure
> >that our EL2 code sets the SPSel to SP_ELn mode, so exceptions that trap
> >to EL2 use the EL2 stack pointer.
> >
> >This corrects an issue that can manifest as a hang-on-IRQ on some
> >arm64 cores if the firmware/bootloader has previously initialized SPSel
> >to 0; in which case Xen's exceptions will incorrectly use an invalid SP_EL0,
> >and will endlessly spin on the synchronous abort handler.
> >
> >Signed-off-by: Kyle Temkin <temkink@ainfosec.com>
>
> Reviewed-by: Julien Grall <julien.grall@arm.com>
>
> Wei, this is a bug-fix and I think it should go to Xen 4.7.
>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
> We would also need to backport this patch on Xen 4.4 -> Xen 4.6.
>
> Regards,
>
> >---
> > xen/arch/arm/arm64/head.S | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> >diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S
> >index 946e2c9..d5831f2 100644
> >--- a/xen/arch/arm/arm64/head.S
> >+++ b/xen/arch/arm/arm64/head.S
> >@@ -361,6 +361,11 @@ skip_bss:
> > ldr x0, =(HSCTLR_BASE)
> > msr SCTLR_EL2, x0
> >
> >+ /* Ensure that any exceptions encountered at EL2
> >+ * are handled using the EL2 stack pointer, rather
> >+ * than SP_EL0. */
> >+ msr spsel, #1
> >+
> > /* Rebuild the boot pagetable's first-level entries. The structure
> > * is described in mm.c.
> > *
> >
>
> --
> Julien Grall