x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests

author Andrew Cooper <andrew.cooper3@citrix.com>

Thu, 12 Oct 2017 14:02:10 +0000 (16:02 +0200)

committer Jan Beulich <jbeulich@suse.com>

Thu, 12 Oct 2017 14:02:10 +0000 (16:02 +0200)
author Andrew Cooper <andrew.cooper3@citrix.com>
Thu, 12 Oct 2017 14:02:10 +0000 (16:02 +0200)
committer Jan Beulich <jbeulich@suse.com>
Thu, 12 Oct 2017 14:02:10 +0000 (16:02 +0200)
diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c

index e16bf1b4923dd291651da06500ceda32a20732fd..948c86a6dd8ee2c2887d770a46b39181104294be 100644 (file)
--- a/xen/arch/x86/mm/shadow/multi.c
+++ b/xen/arch/x86/mm/shadow/multi.c
@@ -1453,26 +1453,38 @@ void sh_install_xen_entries_in_l4(struct vcpu *v, mfn_t gl4mfn, mfn_t sl4mfn)
          shadow_l4e_from_mfn(page_to_mfn(d->arch.perdomain_l3_pg),
                              __PAGE_HYPERVISOR);
  
-    /* Shadow linear mapping for 4-level shadows.  N.B. for 3-level
-     * shadows on 64-bit xen, this linear mapping is later replaced by the
-     * monitor pagetable structure, which is built in make_monitor_table
-     * and maintained by sh_update_linear_entries. */
-    sl4e[shadow_l4_table_offset(SH_LINEAR_PT_VIRT_START)] =
-        shadow_l4e_from_mfn(sl4mfn, __PAGE_HYPERVISOR);
-
-    /* Self linear mapping.  */
-    if ( shadow_mode_translate(v->domain) && !shadow_mode_external(v->domain) )
-    {
-        // linear tables may not be used with translated PV guests
-        sl4e[shadow_l4_table_offset(LINEAR_PT_VIRT_START)] =
+    /*
+     * Linear mapping slots:
+     *
+     * Calling this function with gl4mfn == sl4mfn is used to construct a
+     * monitor table for translated domains.  In this case, gl4mfn forms the
+     * self-linear mapping (i.e. not pointing into the translated domain), and
+     * the shadow-linear slot is skipped.  The shadow-linear slot is either
+     * filled when constructing lower level monitor tables, or via
+     * sh_update_cr3() for 4-level guests.
+     *
+     * Calling this function with gl4mfn != sl4mfn is used for non-translated
+     * guests, where the shadow-linear slot is actually self-linear, and the
+     * guest-linear slot points into the guests view of its pagetables.
+     */
+    if ( shadow_mode_translate(d) )
+    {
+        ASSERT(mfn_x(gl4mfn) == mfn_x(sl4mfn));
+
+        sl4e[shadow_l4_table_offset(SH_LINEAR_PT_VIRT_START)] =
              shadow_l4e_empty();
      }
      else
      {
-        sl4e[shadow_l4_table_offset(LINEAR_PT_VIRT_START)] =
-            shadow_l4e_from_mfn(gl4mfn, __PAGE_HYPERVISOR);
+        ASSERT(mfn_x(gl4mfn) != mfn_x(sl4mfn));
+
+        sl4e[shadow_l4_table_offset(SH_LINEAR_PT_VIRT_START)] =
+            shadow_l4e_from_mfn(sl4mfn, __PAGE_HYPERVISOR);
      }
  
+    sl4e[shadow_l4_table_offset(LINEAR_PT_VIRT_START)] =
+        shadow_l4e_from_mfn(gl4mfn, __PAGE_HYPERVISOR);
+
      sh_unmap_domain_page(sl4e);    
  }
  #endif
@@ -4243,6 +4255,11 @@ static int sh_guess_wrmap(struct vcpu *v, unsigned long vaddr, mfn_t gmfn)
  
      /* Carefully look in the shadow linear map for the l1e we expect */
  #if SHADOW_PAGING_LEVELS >= 4
+    /* Is a shadow linear map is installed in the first place? */
+    sl4p  = v->arch.paging.shadow.guest_vtable;
+    sl4p += shadow_l4_table_offset(SH_LINEAR_PT_VIRT_START);
+    if ( !(shadow_l4e_get_flags(*sl4p) & _PAGE_PRESENT) )
+        return 0;
      sl4p = sh_linear_l4_table(v) + shadow_l4_linear_offset(vaddr);
      if ( !(shadow_l4e_get_flags(*sl4p) & _PAGE_PRESENT) )
          return 0;
author	Andrew Cooper <andrew.cooper3@citrix.com>
	Thu, 12 Oct 2017 14:02:10 +0000 (16:02 +0200)
committer	Jan Beulich <jbeulich@suse.com>
	Thu, 12 Oct 2017 14:02:10 +0000 (16:02 +0200)