arm/arm64: KVM: set right LR register value for 32 bit guest when inject abort

commit fd6c8c206fc5d0717b0433b191de0715122f33bb upstream.

When a exception is trapped to EL2, hardware uses  ELR_ELx to hold
the current fault instruction address. If KVM wants to inject a
abort to 32 bit guest, it needs to set the LR register for the
guest to emulate this abort happened in the guest. Because ARM32
architecture is pipelined execution, so the LR value has an offset to
the fault instruction address.

The offsets applied to Link value for exceptions as shown below,
which should be added for the ARM32 link register(LR).

Table taken from ARMv8 ARM DDI0487B-B, table G1-10:
Exception			Offset, for PE state of:
				A32 	  T32
Undefined Instruction 		+4 	  +2
Prefetch Abort 			+4 	  +4
Data Abort 			+8 	  +8
IRQ or FIQ 			+4 	  +4

  [ Removed unused variables in inject_abt to avoid compile warnings.
    -- Christoffer ]

Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
Tested-by: Haibin Zhang <zhanghaibin7@huawei.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <cdall@linaro.org>
[bwh: Backported to 3.16:
 - Don't delete cpsr variable in inject_abt() as it's still needed
 - Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

diff --git a/arch/arm/kvm/emulate.c b/arch/arm/kvm/emulate.c
index d6c005283678fe5061a50cc8f5efd1febcc0f27b..ef0a11f8a9d1d3727b15b361bfc29b37dc7f43a8 100644 (file)
--- a/arch/arm/kvm/emulate.c
+++ b/arch/arm/kvm/emulate.c
@@ -295,7 +295,7 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu)
        u32 return_offset = (is_thumb) ? 2 : 4;
 
        new_spsr_value = cpsr;
-       new_lr_value = *vcpu_pc(vcpu) - return_offset;
+       new_lr_value = *vcpu_pc(vcpu) + return_offset;
 
        *vcpu_cpsr(vcpu) = (cpsr & ~MODE_MASK) | UND_MODE;
        *vcpu_cpsr(vcpu) |= PSR_I_BIT;
@@ -324,9 +324,8 @@ static void inject_abt(struct kvm_vcpu *vcpu, bool is_pabt, unsigned long addr)
        unsigned long new_spsr_value;
        unsigned long cpsr = *vcpu_cpsr(vcpu);
        u32 sctlr = vcpu->arch.cp15[c1_SCTLR];
-       bool is_thumb = (cpsr & PSR_T_BIT);
        u32 vect_offset;
-       u32 return_offset = (is_thumb) ? 4 : 0;
+       u32 return_offset = (is_pabt) ? 4 : 8;
        bool is_lpae;
 
        new_spsr_value = cpsr;

diff --git a/arch/arm64/kvm/inject_fault.c b/arch/arm64/kvm/inject_fault.c
index f527a37ac979249fad9a6e7bd28143a0e0bcd609..595d311affe87d48cf9d12fbce0d8bea8db51219 100644 (file)
--- a/arch/arm64/kvm/inject_fault.c
+++ b/arch/arm64/kvm/inject_fault.c
@@ -29,12 +29,26 @@
                                 PSR_I_BIT | PSR_D_BIT)
 #define EL1_EXCEPT_SYNC_OFFSET 0x200
 
+/*
+ * Table taken from ARMv8 ARM DDI0487B-B, table G1-10.
+ */
+static const u8 return_offsets[8][2] = {
+       [0] = { 0, 0 },         /* Reset, unused */
+       [1] = { 4, 2 },         /* Undefined */
+       [2] = { 0, 0 },         /* SVC, unused */
+       [3] = { 4, 4 },         /* Prefetch abort */
+       [4] = { 8, 8 },         /* Data abort */
+       [5] = { 0, 0 },         /* HVC, unused */
+       [6] = { 4, 4 },         /* IRQ, unused */
+       [7] = { 4, 4 },         /* FIQ, unused */
+};
+
 static void prepare_fault32(struct kvm_vcpu *vcpu, u32 mode, u32 vect_offset)
 {
        unsigned long cpsr;
        unsigned long new_spsr_value = *vcpu_cpsr(vcpu);
        bool is_thumb = (new_spsr_value & COMPAT_PSR_T_BIT);
-       u32 return_offset = (is_thumb) ? 4 : 0;
+       u32 return_offset = return_offsets[vect_offset >> 2][is_thumb];
        u32 sctlr = vcpu_cp15(vcpu, c1_SCTLR);
 
        cpsr = mode | COMPAT_PSR_I_BIT;