dgit.raspbian.org Git - xen.git/commit

author	Wei Chen <Wei.Chen@arm.com>
	Tue, 29 Nov 2016 14:59:55 +0000 (15:59 +0100)
committer	Jan Beulich <jbeulich@suse.com>
	Tue, 29 Nov 2016 14:59:55 +0000 (15:59 +0100)
commit	6aaff7b407ca76dcfc4fe81f2afe9d1594cb0d6b
tree	3a80faef81678ffcd4e75c12c6230a66218b396e	tree \| snapshot
parent	f8c6a9334b251d2e78b0873a71b4d369908fb123	commit \| diff

arm32: handle async aborts delivered while at HYP

If guest generates an asynchronous abort and then traps into HYP
(by HVC or IRQ) before the abort has been delivered, the hypervisor
could not catch it, because the PSTATE.A bit is masked all the time
in hypervisor. So this asynchronous abort may be slipped to next
running guest with PSTATE.A bit unmasked.

In order to avoid this, it is necessary to take the abort at HYP, by
clearing the PSTATE.A bit. In this patch, we unmask the PSTATE.A bit
to open a window to catch guest-generated asynchronous abort in all
Guest -> HYP switch paths. If we caught such asynchronous abort in
checking window, the HYP data abort exception will be triggered and
the abort source guest will be crashed.

This is part of XSA-201.

Signed-off-by: Wei Chen <Wei.Chen@arm.com>
Reviewed-by: Julien Grall <julien.grall@arm.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>

xen/arch/arm/arm32/entry.S		diff \| blob \| history
xen/arch/arm/arm32/traps.c		diff \| blob \| history
xen/include/asm-arm/arm32/processor.h		diff \| blob \| history
xen/include/asm-arm/processor.h		diff \| blob \| history