xen/arm: Survive unknown traps from guests

Currently we crash Xen if we see an ESR_EL2.EC value we don't recognise.
As configurable disables/enables are added to the architecture
(controlled by RES1/RESO bits respectively), with associated synchronous
exceptions, it may be possible for a guest to trigger exceptions with
classes that we don't recognise.

While we can't service these exceptions in a manner useful to the guest,
we can avoid bringing down the host. Per ARM DDI 0487A.k_iss10775, page
D7-1937, EC values within the range 0x00 - 0x2c are reserved for future
use with synchronous exceptions, and EC within the range 0x2d - 0x3f may
be used for either synchronous or asynchronous exceptions.

The patch makes Xen handle any unknown EC by injecting an UNDEFINED
exception into the guest, with a corresponding (ratelimited) warning in
the log.

This patch is based on Linux commit f050fe7a9164 "arm: KVM: Survive unknown
traps from the guest".

Signed-off-by: Julien Grall <julien.grall@arm.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
master-commit-id: baf2950213e6a50801940643e2549a5baa21ad71

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 518a36e6e509dc38d2e42bdad04313023686a2d4..bc4cbbb35feb5cb7e6b166cc6d6d43a4d4abe639 100644 (file)
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -2778,9 +2778,10 @@ asmlinkage void do_trap_guest_sync(struct cpu_user_regs *regs)
         break;
 
     default:
-        printk("Unknown Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
-               hsr.bits, hsr.ec, hsr.len, hsr.iss);
-        do_unexpected_trap("Guest", regs);
+        gprintk(XENLOG_WARNING,
+                "Unknown Guest Trap. HSR=0x%x EC=0x%x IL=%x Syndrome=0x%"PRIx32"\n",
+                hsr.bits, hsr.ec, hsr.len, hsr.iss);
+        inject_undef_exception(regs, hsr);
     }
 }