xen/arm: traps: Don't inject a fault if the translation VA -> IPA fails

Based on ARM ARM (D4.5.3 in ARM DDI 0486A and B3.12.7 in ARM DDI 0406C.c),
a Stage 1 translation error has priority over a Stage 2 translation error.

Therefore gva_to_ipa can only fail if another vCPU is playing with the
page table.

Rather than injecting a custom fault, replay the instruction and let the
processor injecting the correct fault.

This is fine as Xen is handling all the pending softirqs
(see leave_hypervisor_tail) before returning to the guest. One of them
is the scheduler which could rescheduled the vCPU.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>

diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index f509a00f0f165495df3a5b529b91088e9e76f06f..0f78d2121b0ddeeff5cd906dbb000937211b35e7 100644 (file)
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -2412,7 +2412,7 @@ static void do_trap_instr_abort_guest(struct cpu_user_regs *regs,
 
             rc = gva_to_ipa(gva, &gpa, GV2M_READ);
             if ( rc == -EFAULT )
-                goto bad_insn_abort;
+                return; /* Try again */
         }
 
         rc = p2m_mem_access_check(gpa, gva, npfec);
@@ -2424,7 +2424,6 @@ static void do_trap_instr_abort_guest(struct cpu_user_regs *regs,
     break;
     }
 
-bad_insn_abort:
     inject_iabt_exception(regs, gva, hsr.len);
 }
 
@@ -2448,7 +2447,7 @@ static void do_trap_data_abort_guest(struct cpu_user_regs *regs,
     {
         rc = gva_to_ipa(info.gva, &info.gpa, GV2M_READ);
         if ( rc == -EFAULT )
-            goto bad_data_abort;
+            return; /* Try again */
     }
 
     switch ( dabt.dfsc & 0x3f )