From 81e3fd1f3cacda220e4d46bb01f9c1b554ed8401 Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Fri, 19 Nov 2021 09:38:42 +0100 Subject: [PATCH] x86/paging: restrict physical address width reported to guests MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Modern hardware may report more than 48 bits of physical address width. For paging-external guests our P2M implementation does not cope with larger values. Telling the guest of more available bits means misleading it into perhaps trying to actually put some page there (like was e.g. intermediately done in OVMF for the shared info page). While there also convert the PV check to a paging-external one (which in our current code base are synonyms of one another anyway). Fixes: 5dbd60e16a1f ("x86/shadow: Correct guest behaviour when creating PTEs above maxphysaddr") Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné master commit: b7635526acffbe4ad8ad16fd92812c57742e54c2 master date: 2021-10-19 10:08:30 +0200 --- xen/include/asm-x86/paging.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h index f53575f3d9..abb9a7e75c 100644 --- a/xen/include/asm-x86/paging.h +++ b/xen/include/asm-x86/paging.h @@ -391,11 +391,18 @@ static always_inline unsigned int paging_max_paddr_bits(const struct domain *d) { unsigned int bits = paging_mode_hap(d) ? hap_paddr_bits : paddr_bits; - if ( !IS_ENABLED(CONFIG_BIGMEM) && paging_mode_shadow(d) && - !is_pv_domain(d) ) + if ( paging_mode_external(d) ) { - /* Shadowed superpages store GFNs in 32-bit page_info fields. */ - bits = min(bits, 32U + PAGE_SHIFT); + if ( !IS_ENABLED(CONFIG_BIGMEM) && paging_mode_shadow(d) ) + { + /* Shadowed superpages store GFNs in 32-bit page_info fields. */ + bits = min(bits, 32U + PAGE_SHIFT); + } + else + { + /* Both p2m-ept and p2m-pt only support 4-level page tables. */ + bits = min(bits, 48U); + } } return bits; -- 2.39.5