xenbits.xensource.com Git - xen.git/commit

author	Tim Deegan <tim@xen.org>
	Wed, 16 Mar 2016 17:05:25 +0000 (17:05 +0000)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Wed, 20 Apr 2016 17:06:38 +0000 (18:06 +0100)
commit	24ebffa9f57a14b6f20376ae422b941715af9a4e
tree	d0428ec785caa73578a56357f3fc5ab53bbd1a24	tree
parent	c2f8ab34391e1a25e6cf30783aec5d18a7706765	commit \| diff

x86: limit GFNs to 32 bits for shadowed superpages.

Superpage shadows store the shadowed GFN in the backpointer field,
which for non-BIGMEM builds is 32 bits wide. Shadowing a superpage
mapping of a guest-physical address above 2^44 would lead to the GFN
being truncated there, and a crash when we come to remove the shadow
from the hash table.

Track the valid width of a GFN for each guest, including reporting it
through CPUID, and enforce it in the shadow pagetables. Set the
maximum witth to 32 for guests where this truncation could occur.

This is XSA-173.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Tim Deegan <tim@xen.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>

xen/arch/x86/cpu/common.c		diff \| blob \| blame \| history
xen/arch/x86/hvm/hvm.c		diff \| blob \| blame \| history
xen/arch/x86/mm/guest_walk.c		diff \| blob \| blame \| history
xen/arch/x86/mm/hap/hap.c		diff \| blob \| blame \| history
xen/arch/x86/mm/shadow/common.c		diff \| blob \| blame \| history
xen/arch/x86/mm/shadow/multi.c		diff \| blob \| blame \| history
xen/include/asm-x86/domain.h		diff \| blob \| blame \| history
xen/include/asm-x86/guest_pt.h		diff \| blob \| blame \| history
xen/include/asm-x86/processor.h		diff \| blob \| blame \| history
xen/include/asm-x86/x86_64/page.h		diff \| blob \| blame \| history