From: Wei Chen <Wei.Chen@arm.com>
Date: Tue, 29 Nov 2016 14:59:26 +0000 (+0100)
Subject: arm: crash the guest when it traps on external abort
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~61^2~3
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f8c6a9334b251d2e78b0873a71b4d369908fb123;p=xen.git

arm: crash the guest when it traps on external abort

If we spot a data or prefetch abort bearing the ESR_EL2.EA bit set, we
know that this is an external abort, and that should crash the guest.

This is part of XSA-201.

Signed-off-by: Wei Chen <Wei.Chen@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Steve Capper <steve.capper@arm.com>
Reviewed-by: Julien Grall <Julien.Grall@arm.com>
---

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 3bbd002370..8ff73fe5e1 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -2409,6 +2409,15 @@ static void do_trap_instr_abort_guest(struct cpu_user_regs *regs,
     paddr_t gpa;
     mfn_t mfn;
 
+    /*
+     * If this bit has been set, it means that this instruction abort is caused
+     * by a guest external abort. Currently we crash the guest to protect the
+     * hypervisor. In future one can better handle this by injecting a virtual
+     * abort to the guest.
+     */
+    if ( hsr.iabt.eat )
+        domain_crash_synchronous();
+
     if ( hpfar_is_valid(hsr.iabt.s1ptw, fsc) )
         gpa = get_faulting_ipa(gva);
     else
@@ -2503,6 +2512,15 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs,
     uint8_t fsc = hsr.dabt.dfsc & ~FSC_LL_MASK;
     mfn_t mfn;
 
+    /*
+     * If this bit has been set, it means that this data abort is caused
+     * by a guest external abort. Currently we crash the guest to protect the
+     * hypervisor. In future one can better handle this by injecting a virtual
+     * abort to the guest.
+     */
+    if ( dabt.eat )
+        domain_crash_synchronous();
+
     info.dabt = dabt;
 #ifdef CONFIG_ARM_32
     info.gva = READ_CP32(HDFAR);