
Re: [Xen-devel] [PATCH 4/9] xen: arm: turn vtimer traps for cp32/64 and sysreg into #undef



On Tue, 2014-09-09 at 16:31 -0700, Julien Grall wrote:
> Hi Ian,
> 
> On 09/09/14 09:23, Ian Campbell wrote:
> > We have allowed EL1 to access these registers directly for some time
> > (at least since 4.3.0). They were only ever trapped to support very
> > early models which had a buggy hypervisor timer, requiring us to use
> > the phys timer for Xen itself.
> > In the interests of minimising the patch for the security update just
> > remove the call to vtimer_emulate and inject an #undef exception. In
> > practice we will never see any of these traps.
> 
> I disagree with the commit message, a guest may use the physical timer 
> rather than the virtual timer. It's the case when a guest doesn't have 
> the necessary code to use the virtual timer.

I think you've misunderstood. The guest has been allowed direct access to
the physical timer ever since we removed the workaround for the buggy
hypervisor timer on the models. Hence we are never trapping these
registers anyway. Probably I should go further here and actually remove
all the phys timer emulation support from vtimer.c.

> Hence, the guest could decide to let userspace access CNTPCT_EL0 
> (see CNTKCTL.PL0CTEN). In such a case, the application will be broken on 
> a Xen guest.
> 
> > Handle CNTPCT_EL0 explicitly for consistency with CNTPCT on 32-bit.
> >
> > Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> > ---
> >   xen/arch/arm/traps.c |   37 ++++++++++++-------------------------
> >   1 file changed, 12 insertions(+), 25 deletions(-)
> >
> > diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> > index 353e38e..46ed21d 100644
> > --- a/xen/arch/arm/traps.c
> > +++ b/xen/arch/arm/traps.c
> > @@ -1478,13 +1478,8 @@ static void do_cp15_32(struct cpu_user_regs *regs,
> >           break;
> >       case HSR_CPREG32(CNTP_CTL):
> >       case HSR_CPREG32(CNTP_TVAL):
> > -        if ( !vtimer_emulate(regs, hsr) )
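
Review bot: with the `vtimer_emulate(regs, hsr)` check removed under `case HSR_CPREG32(CNTP_CTL)` and `case HSR_CPREG32(CNTP_TVAL)` in do_cp15_32, nothing in the code records why a trapped physical timer access is now answered with #undef. The commit message's reasoning (EL1 has direct access, so "we will never see any of these traps") should be carried into a comment at these case labels, naming the trap configuration that this depends on, so that a later change which re-enables trapping does not silently turn guest timer accesses into undefined-instruction exceptions. The diffstat touches only xen/arch/arm/traps.c, so the commit message should also say whether the emulation code behind vtimer_emulate is being left in place deliberately.
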
> 
> You dropped every call to vtimer_emulate. It may be interesting to 
> remove the related code in vtimer.c

Yes, I didn't do that when this was going to be a security update, to
keep the size of the patch down, but I should do so now.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

