blob: af7fc3703e0d2b97774541713078e58dfad8216e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
From: Wei Chen <Wei.Chen@arm.com>
Subject: arm: crash the guest when it traps on external abort
If we spot a data or prefetch abort bearing the ESR_EL2.EA bit set, we
know that this is an external abort, and that should crash the guest.
This is CVE-2016-9817, part of XSA-201.
Signed-off-by: Wei Chen <Wei.Chen@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Steve Capper <steve.capper@arm.com>
Reviewed-by: Julien Grall <Julien.Grall@arm.com>
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -2383,6 +2383,15 @@ static void do_trap_instr_abort_guest(struct cpu_user_regs *regs,
int rc;
register_t gva = READ_SYSREG(FAR_EL2);
+ /*
+ * If this bit has been set, it means that this instruction abort is caused
+ * by a guest external abort. Currently we crash the guest to protect the
+ * hypervisor. In future one can better handle this by injecting a virtual
+ * abort to the guest.
+ */
+ if ( hsr.iabt.eat )
+ domain_crash_synchronous();
+
switch ( hsr.iabt.ifsc & 0x3f )
{
case FSC_FLT_PERM ... FSC_FLT_PERM + 3:
@@ -2437,6 +2446,15 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs,
return;
}
+ /*
+ * If this bit has been set, it means that this data abort is caused
+ * by a guest external abort. Currently we crash the guest to protect the
+ * hypervisor. In future one can better handle this by injecting a virtual
+ * abort to the guest.
+ */
+ if ( dabt.eat )
+ domain_crash_synchronous();
+
info.dabt = dabt;
#ifdef CONFIG_ARM_32
info.gva = READ_CP32(HDFAR);
|
