On Mon, Oct 12, 2015 at 03:04:50PM +0100, Mark Rutland wrote:
> If we panic in hyp mode, we inject a call to panic() into the EL1N host
> kernel. If a guest context is active, we first attempt to restore the
> minimal amount of state necessary to execute the host kernel with
> restore_sysregs.
>
> However, the SP is restored as part of restore_common_regs, and so we
> may return to the host's panic() function with the SP of the guest. Any
> calculations based on the SP will be bogus, and any attempt to access
> the stack will result in recursive data aborts.
>
> When running Linux as a guest, the guest's EL1N SP is likely to be some
> valid kernel address. In this case, the host kernel may use that region
> as a stack for panic(), corrupting it in the process.
>
> Avoid the problem by restoring the host SP prior to returning to the
> host. To prevent misleading backtraces in the host, the FP is zeroed at
> the same time. We don't need any of the other "common" registers in
> order to panic successfully.
>
> Signed-off-by: Mark Rutland <mark.rutland@xxxxxxx>
> Acked-by: Marc Zyngier <marc.zyngier@xxxxxxx>
> Cc: Christoffer Dall <christoffer.dall@xxxxxxxxxx>
> Cc: <kvmarm@xxxxxxxxxxxxxxxxxxxxx>

Applied - thanks,
-Christoffer

_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm