[PATCH] arm: Fix corruption of protected bits in restrict_bitmask_access
2 views
Skip to first unread message
Jan Kiszka
Jul 17, 2016, 1:12:45 PM7/17/16
to Jailhouse, Antonios Motakis
From: Jan Kiszka <jan.k...@siemens.com>
We must only mask in bits that are permitted according to access_mask.
The current code cause troubles to the root cell when a non-root Linux
instance was booting.
Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
Strange that this didn't cause problems with ARM64. On 32-bit, it froze
the root cell very reliably.
hypervisor/arch/arm/gic-common.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/hypervisor/arch/arm/gic-common.c b/hypervisor/arch/arm/gic-common.c
index 60aa6fe..c74f30a 100644
--- a/hypervisor/arch/arm/gic-common.c
+++ b/hypervisor/arch/arm/gic-common.c
@@ -95,9 +95,8 @@ restrict_bitmask_access(struct mmio_access *mmio, unsigned int reg_index,
mmio_perform_access(gicd_base, mmio);
mmio->is_write = true;
- /* Clear 0 bits */
- mmio->value &= ~(access_mask & ~access_val);
- mmio->value |= access_val;
+ mmio->value &= ~access_mask;
+ mmio->value |= access_val & access_mask;
mmio_perform_access(gicd_base, mmio);
spin_unlock(&dist_lock);
--
2.1.4
We must only mask in bits that are permitted according to access_mask.
The current code cause troubles to the root cell when a non-root Linux
instance was booting.
Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
Strange that this didn't cause problems with ARM64. On 32-bit, it froze
the root cell very reliably.
hypervisor/arch/arm/gic-common.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/hypervisor/arch/arm/gic-common.c b/hypervisor/arch/arm/gic-common.c
index 60aa6fe..c74f30a 100644
--- a/hypervisor/arch/arm/gic-common.c
+++ b/hypervisor/arch/arm/gic-common.c
@@ -95,9 +95,8 @@ restrict_bitmask_access(struct mmio_access *mmio, unsigned int reg_index,
mmio_perform_access(gicd_base, mmio);
mmio->is_write = true;
- /* Clear 0 bits */
- mmio->value &= ~(access_mask & ~access_val);
- mmio->value |= access_val;
+ mmio->value &= ~access_mask;
+ mmio->value |= access_val & access_mask;
mmio_perform_access(gicd_base, mmio);
spin_unlock(&dist_lock);
--
2.1.4
Reply all
Reply to author
Forward
0 new messages