| Message ID | 20170504175425.22759-4-julien.grall@arm.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | xen/arm: Survive unknown traps from guests | expand |
On Thu, 4 May 2017, Julien Grall wrote: > Currently we crash Xen if we see an ESR_EL2.EC value we don't recognise. > As configurable disables/enables are added to the architecture > (controlled by RES1/RESO bits respectively), with associated synchronous > exceptions, it may be possible for a guest to trigger exceptions with > classes that we don't recognise. > > While we can't service these exceptions in a manner useful to the guest, > we can avoid bringing down the host. Per ARM DDI 0487A.k_iss10775, page > D7-1937, EC values within the range 0x00 - 0x2c are reserved for future > use with synchronous exceptions, and EC within the range 0x2d - 0x3f may > be used for either synchronous or asynchronous exceptions. > > The patch makes Xen handle any unknown EC by injecting an UNDEFINED > exception into the guest, with a corresponding (ratelimited) warning in > the log. > > This patch is based on Linux commit f050fe7a9164 "arm: KVM: Survive unknown > traps from the guest". > > Signed-off-by: Julien Grall <julien.grall@arm.com> > Acked-by: Mark Rutland <mark.rutland@arm.com> > --- > xen/arch/arm/traps.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c > index c8ce62ff96..c0203da097 100644 > --- a/xen/arch/arm/traps.c > +++ b/xen/arch/arm/traps.c > @@ -2926,9 +2926,10 @@ asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs) > break; > > default: > - printk("Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n", > - hsr.bits, hsr.ec, hsr.len, hsr.iss); > - do_unexpected_trap("Guest", regs); > + gprintk(XENLOG_WARNING, > + "Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n", > + hsr.bits, hsr.ec, hsr.len, hsr.iss); > + inject_undef_exception(regs, hsr); > } > } I see you addressed my previous comment in this patch :-) Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
On 05/04/2017 08:14 PM, Stefano Stabellini wrote: > On Thu, 4 May 2017, Julien Grall wrote: >> Currently we crash Xen if we see an ESR_EL2.EC value we don't recognise. >> As configurable disables/enables are added to the architecture >> (controlled by RES1/RESO bits respectively), with associated synchronous >> exceptions, it may be possible for a guest to trigger exceptions with >> classes that we don't recognise. >> >> While we can't service these exceptions in a manner useful to the guest, >> we can avoid bringing down the host. Per ARM DDI 0487A.k_iss10775, page >> D7-1937, EC values within the range 0x00 - 0x2c are reserved for future >> use with synchronous exceptions, and EC within the range 0x2d - 0x3f may >> be used for either synchronous or asynchronous exceptions. >> >> The patch makes Xen handle any unknown EC by injecting an UNDEFINED >> exception into the guest, with a corresponding (ratelimited) warning in >> the log. >> >> This patch is based on Linux commit f050fe7a9164 "arm: KVM: Survive unknown >> traps from the guest". >> >> Signed-off-by: Julien Grall <julien.grall@arm.com> >> Acked-by: Mark Rutland <mark.rutland@arm.com> >> --- >> xen/arch/arm/traps.c | 7 ++++--- >> 1 file changed, 4 insertions(+), 3 deletions(-) >> >> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c >> index c8ce62ff96..c0203da097 100644 >> --- a/xen/arch/arm/traps.c >> +++ b/xen/arch/arm/traps.c >> @@ -2926,9 +2926,10 @@ asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs) >> break; >> >> default: >> - printk("Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n", >> - hsr.bits, hsr.ec, hsr.len, hsr.iss); >> - do_unexpected_trap("Guest", regs); >> + gprintk(XENLOG_WARNING, >> + "Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n", >> + hsr.bits, hsr.ec, hsr.len, hsr.iss); >> + inject_undef_exception(regs, hsr); >> } >> } > > I see you addressed my previous comment in this patch :-) I wanted to keep the actual behavior in the previous patch (e.g panicing on unknown traps). I will have to resend the series to address Andrew's comment, so I can mention it in the commit message. Cheers,
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index c8ce62ff96..c0203da097 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -2926,9 +2926,10 @@ asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs) break; default: - printk("Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n", - hsr.bits, hsr.ec, hsr.len, hsr.iss); - do_unexpected_trap("Guest", regs); + gprintk(XENLOG_WARNING, + "Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n", + hsr.bits, hsr.ec, hsr.len, hsr.iss); + inject_undef_exception(regs, hsr); } }