From: Julien Grall <julien.grall@linaro.org>
To: Ian Campbell <ian.campbell@citrix.com>
Cc: Andre Przywara <andre.przywara@calxeda.com>,
	stefano.stabellini@eu.citrix.com, tim@xen.org,
	xen-devel@lists.xen.org
Subject: Re: [PATCH] xen: arm: inject unhandled instruction and data aborts to the guest.
Date: Mon, 09 Dec 2013 15:57:55 +0000
Message-ID: <52A5E883.8090109@linaro.org>
In-Reply-To: <1386601104-10021-1-git-send-email-ian.campbell@citrix.com>

On 12/09/2013 02:58 PM, Ian Campbell wrote:
> Currently an unhandled data abort in guest context leads to us killing the
> guest and an unhandled instruction abort in guest context leads to us killing
> the host!
> 
> Andre pointed out that an unhandled data abort can be caused by e.g. dmidecode
> looking for things which are not there in the guest's physical address space.
> Propagating the fault to the guest allows it to properly SIGSEGV the
> processes.
> 
> A guest kernel can trivially jump to an unmapped physical address which would
> cause an instruction abort. Killing the host for that is obviously bad.
> Instead inject the exception so the guest kernel can SIGSEGV or panic() etc as
> it deems appropriate.
> 
> Tested on arm64 (Mustang) and arm32 (Midway) with a dom0 kernel late_initcall
> which either dereferences or jumps to address 0, provoking both behaviours and
> resulting correctly in a guest kernel panic. Also tested on fast models with a
> 32-bit dom0 on a 64-bit hypervisor, which behaved correctly.
> 
> In addition tested on both platforms with a userspace program which either
> calls to or dereferences address 0. The process is correctly killed with SEGV.
> 
> Lastly tested on Mustang with a 32-bit version of the userspace test on a
> 64-bit dom0 kernel.
> 
> I think that covers all the cases.
> 
> Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
> Cc: Andre Przywara <andre.przywara@calxeda.com>
> ---
> Release wise this is a(n important) bug fix.
> ---
>  xen/arch/arm/traps.c            |  199 +++++++++++++++++++++++++++++++++------
>  xen/include/asm-arm/cpregs.h    |    1 +
>  xen/include/asm-arm/processor.h |   15 ++-
>  xen/include/asm-arm/regs.h      |    2 +
>  4 files changed, 184 insertions(+), 33 deletions(-)
> 
> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> index 2a85d37..e4e7f83 100644
> --- a/xen/arch/arm/traps.c
> +++ b/xen/arch/arm/traps.c
> @@ -264,6 +264,8 @@ static void cpsr_switch_mode(struct cpu_user_regs *regs, int mode)
>  
>      regs->cpsr |= mode;
>      regs->cpsr |= PSR_IRQ_MASK;
> +    if (mode == PSR_MODE_ABT)
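
Review bot: the added `if (mode == PSR_MODE_ABT)` in cpsr_switch_mode() has no spaces inside the parentheses, unlike the Xen hypervisor coding style, which writes `if ( mode == PSR_MODE_ABT )`. The branch also special-cases abort mode right after the IRQ mask is set for every mode, so a short comment on why PSR_MODE_ABT needs extra handling would help; the quote ends before the body of the branch, so its contents cannot be checked here.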

if ( ... )

The patch looks good to me:
Acked-by: Julien Grall <julien.grall@linaro.org>


-- 
Julien Grall
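
A userspace check like the one the commit message describes (a process that dereferences or calls address 0 and should be killed with SIGSEGV), as an added example that is not part of the patch or the thread. The names `probe`, `provoke` and `fault_kind` are hypothetical, and it assumes a Linux guest where address 0 is unmapped.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum fault_kind { FAULT_READ, FAULT_CALL };   /* hypothetical names */

/* Runs in the child: provoke a data abort or an instruction abort at 0.
 * The address is read from a volatile so the compiler cannot fold it. */
static void provoke(enum fault_kind kind)
{
    volatile uintptr_t addr = 0;

    if (kind == FAULT_READ) {
        volatile int *p = (volatile int *)addr;
        (void)*p;                     /* data abort: load from address 0 */
    } else {
        void (*fn)(void) = (void (*)(void))addr;
        fn();                         /* instruction abort: branch to 0 */
    }
}

/* Fork, fault in the child, and return the signal that killed it
 * (0 if it exited normally, -1 if fork or waitpid failed). */
int probe(enum fault_kind kind)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        provoke(kind);
        _exit(0);                     /* reached only if no fault arrived */
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int rd = probe(FAULT_READ), call = probe(FAULT_CALL);

    printf("read 0: signal %d, call 0: signal %d\n", rd, call);
    return (rd == SIGSEGV && call == SIGSEGV) ? 0 : 1;
}
```

A result other than SIGSEGV for either case, or the loss of the whole guest, is what the commit message describes as the behaviour before the fix.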
