|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v3] x86/shadow: Correct guest behaviour when creating PTEs above maxphysaddr
> From: Andrew Cooper [mailto:andrew.cooper3@xxxxxxxxxx] > Sent: Thursday, February 16, 2017 11:46 PM > > XSA-173 (c/s 8b1764833) introduces gfn_bits, and an upper limit which might be > lower than the real maxphysaddr, to avoid overflowing the superpage shadow > backpointer. > > However, plenty of hardware has a physical address width less that 44 bits, > and the code added in shadow_domain_init() is a straight assignment. This > causes gfn_bits to be increased beyond the physical address width on most > Intel consumer hardware (typically a width of 39, which is the number reported > to the guest via CPUID). > > If the guest intentionally creates a PTE referencing a physical address > between 39 and 44 bits, the result should be #PF[RSVD] for using the virtual > address. However, the shadow code accepts the PTE, shadows it, and the > virtual address works normally. > > Introduce paging_max_paddr_bits() to calculate the largest guest physical > address supportable by the paging infrastructure, and update > recalculate_cpuid_policy() to take this into account when clamping the guests > cpuid_policy to reality. > > There is an existing gfn_valid() in guest_pt.h but it is unused in the > codebase. Repurpose it to perform a guest-specific maxphysaddr check, which > replaces the users of gfn_bits. > > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |