[Xen-changelog] [xen-4.1-testing] x86/mm: fix PSE alignment checks in pagetable walker.

[Xen patchbot-4.1-testing <patchbot@xxxxxxx>]

# HG changeset patch
# User Tim Deegan <Tim.Deegan@xxxxxxxxxx>
# Date 1302185992 -3600
# Node ID dc8e2e30af632bb1d8216c0efce6efac489262b6
# Parent  8c372258147b870f4146b2ce1ced6ff2ecdaba37
x86/mm: fix PSE alignment checks in pagetable walker.

The PSE handling doesn't check bits 1...8 (or 1...9 for non-PAE
guests) being zero, thus allowing bad (not 2Mb/4Mb aligned) large
pages to be handled.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
Acked-by: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
xen-unstable changeset:   23138:777aaa2172c8
xen-unstable date:        Mon Apr 04 10:38:27 2011 +0100
---


diff -r 8c372258147b -r dc8e2e30af63 xen/arch/x86/mm/guest_walk.c
--- a/xen/arch/x86/mm/guest_walk.c      Sat Apr 02 16:06:45 2011 +0100
+++ b/xen/arch/x86/mm/guest_walk.c      Thu Apr 07 15:19:52 2011 +0100
@@ -231,9 +231,28 @@
             /* _PAGE_PSE_PAT not set: remove _PAGE_PAT from flags. */
             flags &= ~_PAGE_PAT;
 
+#define GUEST_L2_GFN_ALIGN (1 << (GUEST_L2_PAGETABLE_SHIFT - \
+                                  GUEST_L1_PAGETABLE_SHIFT))
+        if ( gfn_x(start) & (GUEST_L2_GFN_ALIGN - 1) & ~0x1 )
+        {
+#if GUEST_PAGING_LEVELS == 2
+            /*
+             * Note that _PAGE_INVALID_BITS is zero in this case, yielding a
+             * no-op here.
+             *
+             * Architecturally, the walk should fail if bit 21 is set (others
+             * aren't being checked at least in PSE36 mode), but we'll ignore
+             * this here in order to avoid specifying a non-natural, non-zero
+             * _PAGE_INVALID_BITS value just for that case.
+             */
+#endif
+            rc |= _PAGE_INVALID_BITS;
+        }
+
         /* Increment the pfn by the right number of 4k pages.  
-         * The ~0x1 is to mask out the PAT bit mentioned above. */
-        start = _gfn((gfn_x(start) & ~0x1) + guest_l1_table_offset(va));
+         * Mask out PAT and invalid bits. */
+        start = _gfn((gfn_x(start) & ~(GUEST_L2_GFN_ALIGN - 1)) +
+                     guest_l1_table_offset(va));
         gw->l1e = guest_l1e_from_gfn(start, flags);
         gw->l1mfn = _mfn(INVALID_MFN);
     } 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog