From patchwork Tue Jan 12 21:52:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oleksandr Tyshchenko X-Patchwork-Id: 12014939 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 686C2C433DB for ; Tue, 12 Jan 2021 21:59:12 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0F549208B3 for ; Tue, 12 Jan 2021 21:59:12 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0F549208B3 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.66076.117251 (Exim 4.92) (envelope-from ) id 1kzRgo-0003dd-LO; Tue, 12 Jan 2021 21:58:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 66076.117251; Tue, 12 Jan 2021 21:58:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kzRgo-0003dA-Cd; Tue, 12 Jan 2021 21:58:58 +0000 Received: by outflank-mailman (input) for mailman id 66076; Tue, 12 Jan 2021 21:58:55 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kzRcy-0002PK-KI for xen-devel@lists.xenproject.org; Tue, 12 Jan 2021 21:55:00 +0000 Received: from mail-wr1-x431.google.com (unknown [2a00:1450:4864:20::431]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 289e7733-795a-4b97-bc99-0e0332592d63; Tue, 12 Jan 2021 21:53:16 +0000 (UTC) Received: by mail-wr1-x431.google.com with SMTP id r7so18279wrc.5 for ; Tue, 12 Jan 2021 13:53:14 -0800 (PST) Received: from otyshchenko.www.tendawifi.com ([212.22.223.21]) by smtp.gmail.com with ESMTPSA id 138sm6574053wma.41.2021.01.12.13.53.13 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 Jan 2021 13:53:13 -0800 (PST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 289e7733-795a-4b97-bc99-0e0332592d63 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=pY2EFgr5mZYb8VB78RF90bV56k/p4A7pIlBY1qio2Gw=; b=F1sEvpaf++vKOVcm7VJUbBFnQs64PZvbL8vV4c5mNsxuApay5BbcZxkB5Uv36KX71p BOTB/GPgXjQ4UXbEwzGsbkBGR9M1HAJ60M6r84HwJR8Z9NYFsxmYhvLDDF74TP8Y1Ump x4/2gnLzwBMAwh0bYuTVGp9UKPZPOR7iBK+2y6/+54ixeQkcYkhgmdVHPqXCHA5GnC72 SmKKt9zZbowlD41oA7VJ1wUZxd/UkAMroquAZCDbMXmq2kG7f7PzvCbb457kqIDQY6zP 3VoNzeevYUb/LmArzh3MyF+QpQeXCQGC7rVRgEUC2wnYIKUukQh+AIL/UJj9VqlwbIrO aG+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=pY2EFgr5mZYb8VB78RF90bV56k/p4A7pIlBY1qio2Gw=; b=rTWx8SeX1dove/pIziZ+61/g70WKLtjy+ne62UUtLsiXfD8yMgA+oFVrJsdArC76Zv lf1mjz/wUw0OJN92hG814NURQzdKpJbkQMO9WJgz3X99J0fZULl+YWiJp9yLLsgh4ymt k8/y+v2pjXscrNmS3B8Tsf9uJoaP5L9Mw7emzKAbbRlqSDjK5q7Hy7e+TejFTx3U+ncK qR98dD22IXMs8jzLcg8wDZxepQACvDu+iab8WaXVekf3saWrkIQbTd69Vp/+Ja+zn//M 71/24QMNwv4A28mzHNtnc1xRwqP3jCMBtIiFK6cnhA8HsbAB9QhTc4eX41WJVPaApJ7P iwaw== X-Gm-Message-State: AOAM5303JFh2ekXrwcCqyZM+jv08ZTLLQIjJNaE52TCeBaJ8iWTmk2UN Dwy9yM5rX8+xFCROXmiSqRXyX9pumbV3NA== X-Google-Smtp-Source: ABdhPJz/WFN/AicNIBoaiz3sEvig6nDC2HbYwIaKJVX7I6VBPHLqmeE2eJTbI1Z76Z0Id9wHJa1wFw== X-Received: by 2002:adf:a4cc:: with SMTP id h12mr775366wrb.391.1610488393829; Tue, 12 Jan 2021 13:53:13 -0800 (PST) From: Oleksandr Tyshchenko To: xen-devel@lists.xenproject.org Cc: Oleksandr Tyshchenko , Stefano Stabellini , Julien Grall , Volodymyr Babchuk , Julien Grall Subject: [PATCH V4 20/24] xen/arm: io: Harden sign extension check Date: Tue, 12 Jan 2021 23:52:28 +0200 Message-Id: <1610488352-18494-21-git-send-email-olekstysh@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1610488352-18494-1-git-send-email-olekstysh@gmail.com> References: <1610488352-18494-1-git-send-email-olekstysh@gmail.com> From: Oleksandr Tyshchenko In the ideal world we would never get an undefined behavior when propagating the sign bit since that bit can only be set for access size smaller than the register size (i.e byte/half-word for aarch32, byte/half-word/word for aarch64). In the real world we need to care for *possible* hardware bug such as advertising a sign extension for either 64-bit (or 32-bit) on Arm64 (resp. Arm32). So harden a bit more the code to prevent undefined behavior when propagating the sign bit in case of buggy hardware. Signed-off-by: Oleksandr Tyshchenko CC: Julien Grall Reviewed-by: Stefano Stabellini Reviewed-by: Volodymyr Babchuk --- Please note, this is a split/cleanup/hardening of Julien's PoC: "Add support for Guest IO forwarding to a device emulator" Changes V3 -> V4: - new patch --- xen/include/asm-arm/traps.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/include/asm-arm/traps.h b/xen/include/asm-arm/traps.h index e301c44..992d537 100644 --- a/xen/include/asm-arm/traps.h +++ b/xen/include/asm-arm/traps.h @@ -93,7 +93,8 @@ static inline register_t sign_extend(const struct hsr_dabt dabt, register_t r) * Note that we expect the read handler to have zeroed the bits * outside the requested access size. */ - if ( dabt.sign && (r & (1UL << (size - 1))) ) + if ( dabt.sign && (size < sizeof(register_t) * 8) && + (r & (1UL << (size - 1))) ) { /* * We are relying on register_t using the same as