xenbits.xensource.com Git - xen.git/commit

author	Tim Deegan <tim@xen.org>
	Wed, 16 Mar 2016 17:07:18 +0000 (17:07 +0000)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Wed, 20 Apr 2016 17:07:27 +0000 (18:07 +0100)
commit	c04846eeb3d96cf670dc5894b66f3f6e61c2531d
tree	f4f96a8f54b1cf0ffa318e756d43a98c476ca6d4	tree
parent	8fa31952e2d08ef63897c43b5e8b33475ebf5d93	commit \| diff

x86: limit GFNs to 32 bits for shadowed superpages.

Superpage shadows store the shadowed GFN in the backpointer field,
which for non-BIGMEM builds is 32 bits wide. Shadowing a superpage
mapping of a guest-physical address above 2^44 would lead to the GFN
being truncated there, and a crash when we come to remove the shadow
from the hash table.

Track the valid width of a GFN for each guest, including reporting it
through CPUID, and enforce it in the shadow pagetables. Set the
maximum witth to 32 for guests where this truncation could occur.

This is XSA-173.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Tim Deegan <tim@xen.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>

xen/arch/x86/cpu/common.c		diff \| blob \| blame \| history
xen/arch/x86/hvm/hvm.c		diff \| blob \| blame \| history
xen/arch/x86/mm/guest_walk.c		diff \| blob \| blame \| history
xen/arch/x86/mm/hap/hap.c		diff \| blob \| blame \| history
xen/arch/x86/mm/shadow/common.c		diff \| blob \| blame \| history
xen/arch/x86/mm/shadow/multi.c		diff \| blob \| blame \| history
xen/include/asm-x86/domain.h		diff \| blob \| blame \| history
xen/include/asm-x86/guest_pt.h		diff \| blob \| blame \| history
xen/include/asm-x86/processor.h		diff \| blob \| blame \| history
xen/include/asm-x86/x86_64/page.h		diff \| blob \| blame \| history