RE: [PATCH 0/3] KVM: arm64: BUG FIX: Correctly handle zero register transfers

Pavel Fedin <p.fedin@xxxxxxxxxxx> · Thu, 03 Dec 2015 13:53:14 +0300

 Hello!

> > The problem has been discovered by performing an operation
> >
> >  *((volatile int *)reg) = 0;
> >
> > which compiles as "str xzr, [xx]", and resulted in strange values being
> > written.
> 
> Interesting find. Which compiler is that?

$ aarch64-linux-gnu-gcc --version
aarch64-linux-gnu-gcc (Linaro GCC 2014.11) 4.9.3 20141031 (prerelease)
Copyright (C) 2014 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

 This is from my colleague who actually hit the bug by his driver. And i can reproduce the issue with different compiler version
using the following small testcase:
--- cut ---
p.fedin@fedinw7x64 /cygdrive/d/Projects/Test
$ cat test.c
volatile int *addr;

int test_val(int val)
{
    *addr = val;
}

int test_zero(void)
{
    *addr = 0;
}

p.fedin@fedinw7x64 /cygdrive/d/Projects/Test
$ aarch64-unknown-linux-gnu-gcc -O2 -c test.c

p.fedin@fedinw7x64 /cygdrive/d/Projects/Test
$ aarch64-unknown-linux-gnu-objdump -d test.o

test.o:     file format elf64-littleaarch64

Disassembly of section .text:

0000000000000000 <test_val>:
   0:   2a0003e2        mov     w2, w0
   4:   2a0103e0        mov     w0, w1
   8:   90000001        adrp    x1, 8 <test_val+0x8>
   c:   f9400021        ldr     x1, [x1]
  10:   b9000022        str     w2, [x1]
  14:   d65f03c0        ret

0000000000000018 <test_zero>:
  18:   90000001        adrp    x1, 8 <test_val+0x8>
  1c:   f9400021        ldr     x1, [x1]
  20:   b900003f        str     wzr, [x1]
  24:   d65f03c0        ret

p.fedin@fedinw7x64 /cygdrive/d/Projects/Test
$ aarch64-unknown-linux-gnu-gcc --version
aarch64-unknown-linux-gnu-gcc (GCC) 4.9.0
Copyright (C) 2014 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
--- cut ---

 Isn't it legitimate to write from ZR to MMIO register?
 Another potential case is in our vgic-v3-switch.S:

	msr_s	ICH_HCR_EL2, xzr

 It's only because it is KVM code we have never discovered this problem yet. Somebody could write such a thing in some other place,
with some other register, which would be executed by KVM, and... boo...

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia

_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm