From: Julien Grall <julien.grall@linaro.org>
Date: Wed, 11 Oct 2017 14:29:02 +0000 (+0100)
Subject: xen/arm: guest_walk: Fix get_ipa_output_size
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~1126
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e692f0f9a2e5898a3251c956d3c9d18c7260186a;p=xen.git

xen/arm: guest_walk: Fix get_ipa_output_size

The function get_ipa_output_size checks whether the input size
configured by the guest is valid and will return it.

The check is done with the IPS already shifted against
TCR_EL1_IPS_48_BIT. However the constant has been defined with the
shift included, as a result the check is always false.

Fix it by doing the check on the non-shifted value.

This was introduced by commit 7d623b358a "arm/mem_access: Add long-descriptor
based gpt" introduced software page-table walk for stage-1.

Note that the IPS code is now surrounded with #ifdef CONFIG_ARM_64
because the Arm32 compiler will complain of shift bigger than the width
of the variable. This is fine as the code is executed for 64-bit domain only.

Coverity-ID: 1457707
Signed-off-by: Julien Grall <julien.grall@linaro.org>
Reviewed-by: Sergej Proskurin <proskurin@sec.in.tum.de>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
---

diff --git a/xen/arch/arm/guest_walk.c b/xen/arch/arm/guest_walk.c
index c38bedcf65..4d1ea0cdc1 100644
--- a/xen/arch/arm/guest_walk.c
+++ b/xen/arch/arm/guest_walk.c
@@ -185,7 +185,8 @@ static int guest_walk_sd(const struct vcpu *v,
 static int get_ipa_output_size(struct domain *d, register_t tcr,
                                unsigned int *output_size)
 {
-    unsigned int ips;
+#ifdef CONFIG_ARM_64
+    register_t ips;
 
     static const unsigned int ipa_sizes[7] = {
         TCR_EL1_IPS_32_BIT_VAL,
@@ -200,7 +201,7 @@ static int get_ipa_output_size(struct domain *d, register_t tcr,
     if ( is_64bit_domain(d) )
     {
         /* Get the intermediate physical address size. */
-        ips = (tcr & TCR_EL1_IPS_MASK) >> TCR_EL1_IPS_SHIFT;
+        ips = tcr & TCR_EL1_IPS_MASK;
 
         /*
          * Return an error on reserved IPA output-sizes and if the IPA
@@ -211,9 +212,10 @@ static int get_ipa_output_size(struct domain *d, register_t tcr,
         if ( ips > TCR_EL1_IPS_48_BIT )
             return -EFAULT;
 
-        *output_size = ipa_sizes[ips];
+        *output_size = ipa_sizes[ips >> TCR_EL1_IPS_SHIFT];
     }
     else
+#endif
         *output_size = TCR_EL1_IPS_40_BIT_VAL;
 
     return 0;