From 0ebb6832f043ecfc6a3dcab8a7ba5c4070901ab7 Mon Sep 17 00:00:00 2001 From: Vikram Sethi Date: Mon, 28 Mar 2016 23:46:12 -0500 Subject: [PATCH] arm: Fix asynchronous aborts (SError exceptions) due to bogus PTEs ARMv8 architecture allows performing prefetch data/instructions from memory locations marked as normal memory. Prefetch does not mean that the data/instruction has to be used/executed in code flow. All PTEs that appear to be valid to MMU must contain valid physical address with proper attributes otherwise MMU table walk might cause imprecise asynchronous aborts. The way current XEN code is preparing page tables for frametable and xenheap memory can create bogus PTEs. This patch fixes the issue by clearing page table memory before populating EL2 L0/L1 PTEs. Without this patch XEN crashes on Qualcomm Technologies server chips due to asynchronous aborts. The speculative/prefetch feature explanation is scattered everywhere in ARM specification but below two sections have useful information. E2.8 Memory types and attributes (ver DDI0487A_h) G4.12.6 External abort on a translation table walk (ver DDI0487A_h) Signed-off-by: Vikram Sethi Signed-off-by: Shanker Donthineni Acked-by: Julien Grall --- xen/arch/arm/mm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 0aae6c50fa..7065c3e6dd 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -730,6 +730,8 @@ void __init setup_xenheap_mappings(unsigned long base_mfn, else { unsigned long first_mfn = alloc_boot_pages(1, 1); + + clear_page(mfn_to_virt(first_mfn)); pte = mfn_to_xen_entry(first_mfn, WRITEALLOC); pte.pt.table = 1; write_pte(p, pte); @@ -773,6 +775,7 @@ void __init setup_frametable_mappings(paddr_t ps, paddr_t pe) second = mfn_to_virt(second_base); for ( i = 0; i < nr_second; i++ ) { + clear_page(mfn_to_virt(second_base + i)); pte = mfn_to_xen_entry(second_base + i, WRITEALLOC); pte.pt.table = 1; write_pte(&xen_first[first_table_offset(FRAMETABLE_VIRT_START)+i], pte); -- 2.30.2