From: Tim Deegan
Date: Fri, 20 Oct 2006 16:52:32 +0000 (+0100)
Subject: [HVM] Don't compare CR3 pfn to domain->max_pages
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~15589^2~3
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=d0ae053542e9758d0cf6758d0361411d58a85b02;p=xen.git
[HVM] Don't compare CR3 pfn to domain->max_pages
max_pages is the largest number of pages the domain can have allocated, not the gpfn of the highest one.
Signed-off-by: Tim Deegan
---
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 3de84b3345..0ba59591c0 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -1555,9 +1555,8 @@ static int svm_set_cr0(unsigned long value)
if ((value & X86_CR0_PE) && (value & X86_CR0_PG) && !paging_enabled)
{
/* The guest CR3 must be pointing to the guest physical. */
- if (!VALID_MFN(mfn =
- get_mfn_from_gpfn(v->arch.hvm_svm.cpu_cr3 >> PAGE_SHIFT))
- || !get_page(mfn_to_page(mfn), v->domain))
+ mfn = get_mfn_from_gpfn(v->arch.hvm_svm.cpu_cr3 >> PAGE_SHIFT);
+ if ( !VALID_MFN(mfn) || !get_page(mfn_to_page(mfn), v->domain))
{
printk("Invalid CR3 value = %lx\n", v->arch.hvm_svm.cpu_cr3);
domain_crash_synchronous(); /* need to take a clean path */
@@ -1741,9 +1740,8 @@ static int mov_to_cr(int gpreg, int cr, struct cpu_user_regs *regs)
* first.
*/
HVM_DBG_LOG(DBG_LEVEL_VMMU, "CR3 value = %lx", value);
- if (((value >> PAGE_SHIFT) > v->domain->max_pages)
- || !VALID_MFN(mfn = get_mfn_from_gpfn(value >> PAGE_SHIFT))
- || !get_page(mfn_to_page(mfn), v->domain))
+ mfn = get_mfn_from_gpfn(value >> PAGE_SHIFT);
+ if ( !VALID_MFN(mfn) || !get_page(mfn_to_page(mfn), v->domain))
{
printk("Invalid CR3 value=%lx\n", value);
domain_crash_synchronous(); /* need to take a clean path */
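Review bot: The new condition `if ( !VALID_MFN(mfn) || !get_page(mfn_to_page(mfn), v->domain))` in svm_set_cr0 opens with the Xen-style padding space but closes without it, while the vmx hunks in this same commit write `if ( ... )` on both sides. Suggest `if ( !VALID_MFN(mfn) || !get_page(mfn_to_page(mfn), v->domain) )`. The same asymmetric parenthesis is in the added line of the svm mov_to_cr hunk directly below (the `@@ -1741` hunk). svm_set_cr0 starts and ends outside the hunk.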
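Review bot: With the `max_pages` comparison gone, `value >> PAGE_SHIFT` reaches get_mfn_from_gpfn() with no bound applied in the caller, and `value` here is presumably the CR3 the guest is writing, so the only protection against an out-of-range gpfn is whatever get_mfn_from_gpfn() does internally; the commit message explains why the old bound was the wrong quantity but not that the callee refuses oversized gpfns. That is worth a comment at the call site, e.g. `/* No gpfn bound here: get_mfn_from_gpfn() must return INVALID_MFN for gpfns beyond the p2m map. */`, and a check that it really does. The remaining `get_page(mfn_to_page(mfn), v->domain)` test still confirms the frame belongs to this domain, so a valid but foreign mfn is still refused. The same applies to the vmx_world_restore and vmx mov_to_cr hunks in vmx.c. mov_to_cr starts and ends outside the hunk.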
@@ -1777,9 +1775,8 @@ static int mov_to_cr(int gpreg, int cr, struct cpu_user_regs *regs)
/* The guest is a 32-bit PAE guest. */
#if CONFIG_PAGING_LEVELS >= 3
unsigned long mfn, old_base_mfn;
-
- if ( !VALID_MFN(mfn = get_mfn_from_gpfn(
- v->arch.hvm_svm.cpu_cr3 >> PAGE_SHIFT)) ||
+ mfn = get_mfn_from_gpfn(v->arch.hvm_svm.cpu_cr3 >> PAGE_SHIFT);
+ if ( !VALID_MFN(mfn) ||
!get_page(mfn_to_page(mfn), v->domain) )
{
printk("Invalid CR3 value = %lx", v->arch.hvm_svm.cpu_cr3);
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index af30180e5b..6d98a858ec 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -1323,12 +1323,13 @@ static int vmx_world_restore(struct vcpu *v, struct vmx_assist_context *c)
* first.
*/
HVM_DBG_LOG(DBG_LEVEL_VMMU, "CR3 c->cr3 = %x", c->cr3);
- if ((c->cr3 >> PAGE_SHIFT) > v->domain->max_pages) {
+ mfn = get_mfn_from_gpfn(c->cr3 >> PAGE_SHIFT);
+ if ( !VALID_MFN(mfn) )
+ {
printk("Invalid CR3 value=%x", c->cr3);
domain_crash_synchronous();
return 0;
}
- mfn = get_mfn_from_gpfn(c->cr3 >> PAGE_SHIFT);
if(!get_page(mfn_to_page(mfn), v->domain))
return 0;
old_base_mfn = pagetable_get_pfn(v->arch.guest_table);
@@ -1508,9 +1509,8 @@ static int vmx_set_cr0(unsigned long value)
* Trying to enable guest paging.
* The guest CR3 must be pointing to the guest physical.
*/
- if ( !VALID_MFN(mfn = get_mfn_from_gpfn(
- v->arch.hvm_vmx.cpu_cr3 >> PAGE_SHIFT)) ||
- !get_page(mfn_to_page(mfn), v->domain) )
+ mfn = get_mfn_from_gpfn(v->arch.hvm_vmx.cpu_cr3 >> PAGE_SHIFT);
+ if ( !VALID_MFN(mfn) || !get_page(mfn_to_page(mfn), v->domain) )
{
printk("Invalid CR3 value = %lx (mfn=%lx)\n",
v->arch.hvm_vmx.cpu_cr3, mfn);
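Review bot: The `printk("Invalid CR3 value = %lx", v->arch.hvm_svm.cpu_cr3);` left as context in this PAE hunk has no trailing newline, while the commit adds one to the equivalent message in the vmx mov_to_cr hunk (`Invalid CR3 value=%lx\n`) and the svm_set_cr0 message already ends with `\n`. Suggest `printk("Invalid CR3 value = %lx\n", v->arch.hvm_svm.cpu_cr3);` here, and the same for `Invalid CR3 value=%x` in vmx_world_restore and `Invalid CR3 value = %lx` in the vmx PAE hunk. The enclosing mov_to_cr body starts and ends outside the hunk.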
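Review bot: After the rewrite vmx_world_restore still splits the check in two: an invalid mfn now crashes the domain with a message, but the unchanged `if(!get_page(mfn_to_page(mfn), v->domain)) return 0;` two lines later fails silently and leaves the guest running, unlike every other site in this commit where both failures share one condition and crash synchronously. Suggest folding it as the others do, `if ( !VALID_MFN(mfn) || !get_page(mfn_to_page(mfn), v->domain) )`, and dropping the separate get_page test. vmx_world_restore starts and ends outside the hunk.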
@@ -1712,11 +1712,10 @@ static int mov_to_cr(int gp, int cr, struct cpu_user_regs *regs)
* first.
*/
HVM_DBG_LOG(DBG_LEVEL_VMMU, "CR3 value = %lx", value);
- if ( ((value >> PAGE_SHIFT) > v->domain->max_pages ) ||
- !VALID_MFN(mfn = get_mfn_from_gpfn(value >> PAGE_SHIFT)) ||
- !get_page(mfn_to_page(mfn), v->domain) )
+ mfn = get_mfn_from_gpfn(value >> PAGE_SHIFT);
+ if ( !VALID_MFN(mfn) || !get_page(mfn_to_page(mfn), v->domain) )
{
- printk("Invalid CR3 value=%lx", value);
+ printk("Invalid CR3 value=%lx\n", value);
domain_crash_synchronous(); /* need to take a clean path */
}
old_base_mfn = pagetable_get_pfn(v->arch.guest_table);
@@ -1745,16 +1744,14 @@ static int mov_to_cr(int gp, int cr, struct cpu_user_regs *regs)
/* The guest is a 32-bit PAE guest. */
#if CONFIG_PAGING_LEVELS >= 3
unsigned long mfn, old_base_mfn;
-
- if ( !VALID_MFN(mfn = get_mfn_from_gpfn(
- v->arch.hvm_vmx.cpu_cr3 >> PAGE_SHIFT)) ||
+ mfn = get_mfn_from_gpfn(v->arch.hvm_vmx.cpu_cr3 >> PAGE_SHIFT);
+ if ( !VALID_MFN(mfn) ||
!get_page(mfn_to_page(mfn), v->domain) )
{
printk("Invalid CR3 value = %lx", v->arch.hvm_vmx.cpu_cr3);
domain_crash_synchronous(); /* need to take a clean path */
}
-
/*
* Now arch.guest_table points to machine physical.
*/