xen/arm: check read handler behavior

We expect mmio read handlers to leave the bits above the access size
zeroed. Add an ASSERT to check this aspect of read handler behavior.

Suggested-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Stewart Hildebrand <stewart.hildebrand@amd.com>
Acked-by: Julien Grall <jgrall@amazon.com>

diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c
index 653428e16c1f804e26fa0e69476a82ec3fca7dea..5a4b0e8f25c63ca1a41c27387e54d9d798ce9bf0 100644 (file)
--- a/xen/arch/arm/io.c
+++ b/xen/arch/arm/io.c
@@ -37,6 +37,8 @@ static enum io_state handle_read(const struct mmio_handler *handler,
     if ( !handler->ops->read(v, info, &r, handler->priv) )
         return IO_ABORT;
 
     if ( !handler->ops->read(v, info, &r, handler->priv) )
         return IO_ABORT;
 

+    ASSERT((r & ~GENMASK((1U << info->dabt.size) * 8 - 1, 0)) == 0);
+

     r = sign_extend(dabt, r);
 
     set_user_reg(regs, dabt.reg, r);
     r = sign_extend(dabt, r);
 
     set_user_reg(regs, dabt.reg, r);