From d2a167258b0b10567eb7abe3f34cf14660ed424e Mon Sep 17 00:00:00 2001 From: Julien Grall Date: Thu, 25 Jul 2013 16:21:30 +0100 Subject: [PATCH] xen/arm: Don't emulate the MMIO access if the instruction syndrome is invalid When the instruction syndrome is not valid, the transfer register is unknown. If this register is used in the emulation code (it's the case for the VGIC), Xen can retrieve wrong data. For safety, consider invalid instruction syndrome as wrong memory access. Signed-off-by: Julien Grall Acked-by: Ian Campbell --- xen/arch/arm/traps.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index f2ffcb7ae5..29690396e3 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1010,6 +1010,10 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs, if ( rc == -EFAULT ) goto bad_data_abort; + /* XXX: Decode the instruction if ISS is not valid */ + if ( !dabt.valid ) + goto bad_data_abort; + if (handle_mmio(&info)) { regs->pc += dabt.len ? 4 : 2; -- 2.30.2