don't pass r12 as reference

r12 and x16 are of different sizes; when passing r12 as a reference to
do_trap_hypercall on arm64, we end up dereferencing it as a pointer to a
64bit value, but actually it isn't.

Instead, use a temporary variable to pass r12, and write back the result
after the call to do_trap_hypercall.

CID: 1457708
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Julien Grall <julien.grall@linaro.org>

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index a3e4919751f274d1b06cd32cb435c5ecf90f9eb1..c8534d6cff78526b59a5493724663ce5d3138b30 100644 (file)
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -2126,6 +2126,9 @@ void do_trap_guest_sync(struct cpu_user_regs *regs)
         do_trap_smc(regs, hsr);
         break;
     case HSR_EC_HVC32:
+    {
+        register_t nr;
+
         GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
         perfc_incr(trap_hvc32);
 #ifndef NDEBUG
@@ -2134,8 +2137,11 @@ void do_trap_guest_sync(struct cpu_user_regs *regs)
 #endif
         if ( hsr.iss == 0 )
             return do_trap_hvc_smccc(regs);
-        do_trap_hypercall(regs, (register_t *)&regs->r12, hsr.iss);
+        nr = regs->r12;
+        do_trap_hypercall(regs, &nr, hsr.iss);
+        regs->r12 = (uint32_t)nr;
         break;
+    }
 #ifdef CONFIG_ARM_64
     case HSR_EC_HVC64:
         GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));