xen/arm: Trap cache and TCM lockdown registers

Some cp15 c9/c10/c11 encodings are used for:
     - cache control
     - TCM control
     - branch predictor control

All of them are implementation defined. For now inject an undefined exception
if the guest wants try to access it.

This is CVE-2014-2915 / XSA-93.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 17ac8d87de75d559c4dc6f6baf4e00dcfb1f534e..b77e623692601ccbc17d5c6c58963bb5f6bd6d85 100644 (file)
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -82,7 +82,7 @@ void __cpuinit init_traps(void)
 
     /* Setup hypervisor traps */
     WRITE_SYSREG(HCR_PTW|HCR_BSU_INNER|HCR_AMO|HCR_IMO|HCR_VM|HCR_TWI|HCR_TSC|
-                 HCR_TAC|HCR_SWIO, HCR_EL2);
+                 HCR_TAC|HCR_SWIO|HCR_TIDCP, HCR_EL2);
     isb();
 }