From 56498d2cf9d3c5f7d3d894a89f7d66ed81548e01 Mon Sep 17 00:00:00 2001
From: Stefano Stabellini <sstabellini@kernel.org>
Date: Thu, 18 Jan 2018 13:48:49 -0800
Subject: [PATCH] don't pass r12 as reference

r12 and x16 are of different sizes; when passing r12 as a reference to
do_trap_hypercall on arm64, we end up dereferencing it as a pointer to a
64bit value, but actually it isn't.

Instead, use a temporary variable to pass r12, and write back the result
after the call to do_trap_hypercall.

CID: 1457708
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Julien Grall <julien.grall@linaro.org>
---
 xen/arch/arm/traps.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index a3e4919751..c8534d6cff 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -2126,6 +2126,9 @@ void do_trap_guest_sync(struct cpu_user_regs *regs)
         do_trap_smc(regs, hsr);
         break;
     case HSR_EC_HVC32:
+    {
+        register_t nr;
+
         GUEST_BUG_ON(!psr_mode_is_32bit(regs->cpsr));
         perfc_incr(trap_hvc32);
 #ifndef NDEBUG
@@ -2134,8 +2137,11 @@ void do_trap_guest_sync(struct cpu_user_regs *regs)
 #endif
         if ( hsr.iss == 0 )
             return do_trap_hvc_smccc(regs);
-        do_trap_hypercall(regs, (register_t *)&regs->r12, hsr.iss);
+        nr = regs->r12;
+        do_trap_hypercall(regs, &nr, hsr.iss);
+        regs->r12 = (uint32_t)nr;
         break;
+    }
 #ifdef CONFIG_ARM_64
     case HSR_EC_HVC64:
         GUEST_BUG_ON(psr_mode_is_32bit(regs->cpsr));
-- 
2.30.2