From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Campbell <ian.campbell@citrix.com>
Subject: Re: [PATCH 5/9] xen: arm: Handle CP15 register traps
	from userspace
Date: Thu, 18 Sep 2014 02:31:59 +0100
Message-ID: <1411003919.1920.7.camel@citrix.com>
References: <1410279730.8217.238.camel@kazak.uk.xensource.com>
	<1410279788-27167-5-git-send-email-ian.campbell@citrix.com>
	<540F9062.8030904@linaro.org>
	<1410342483.8217.274.camel@kazak.uk.xensource.com>
	<54109EC9.1070303@linaro.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <54109EC9.1070303@linaro.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Julien Grall <julien.grall@linaro.org>
Cc: stefano.stabellini@eu.citrix.com, tim@xen.org, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On Wed, 2014-09-10 at 11:56 -0700, Julien Grall wrote:
> 
> On 10/09/14 02:48, Ian Campbell wrote:
> > On Tue, 2014-09-09 at 16:42 -0700, Julien Grall wrote:
> >> Hi Ian,
> >>
> >> On 09/09/14 09:23, Ian Campbell wrote:
> >>> Previously userspace access to PM* would have been incorrectly (but benignly)
> >>> implemented as RAZ/WI when running on a 32-bit kernel and would cause a
> >>> hypervisor exception (host crash) when running a 64-bit kernel (this was
> >>> already solved via the fix to XSA-102).
> >>>
> >>> CLIDR, CCSIDR, DCCISW, ACTLR, PMINTENSET, PMINTENCLR are EL1 only, attempts to
> >>> access from EL0 will trap to EL1 not to us, hence BUG_ON is appropriate now.
> >>
> >> In the unlikely case it happens, I don't think it will harm Xen, but
> >> only the guest. So is the BUG_ON really necessary on these registers?
> >>
> >> I think we should use BUG_ON when we know that it will harm the Xen and
> >> it's not possible to come back from the state.
> >
> > AIUI it would be a hardware bug to see these traps in Xen. I think a
> > BUG_ON is acceptable for such an occurrence.
> 
> I would turn into an ASSERT to avoid checking it in non-debug build.

BUG_ON is what we normally use in these circumstances. If we did hit
this case we would want to stop, not carry on with hardware in a
potentially unknown/unpredictable state, even for a non-debug build.

Ian.