x86/shadow: Use the pagewalk reserved bits helpers
The shadow logic should not create a valid/present shadow of a guest PTE which
contains reserved bits from the guests point of view. It is not guaranteed
that the hardware pagewalk will come to the same conclusion, and raise a
pagefault.
Shadows created on demand from the pagefault handler are fine because the
pagewalk over the guest tables will have injected the fault into the guest
rather than creating a shadow.
However, shadows created by sh_resync_l1() and sh_prefetch() haven't undergone
a pagewalk and need to account for reserved bits before creating the shadow.
In practice, this means a 3-level guest could previously cause PTEs with bits
63:52 set to be shadowed (and discarded). This PTE should cause #PF[RSVD]
when encountered by hardware, but the installed shadow is valid and hardware
doesn't fault.
Reuse the pagewalk reserved bits helpers, and assert in
l?e_propagate_from_guest() that shadows are not attempted to be created with
reserved bits set.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Tim Deegan <tim@xen.org>
projects / xen.git / commit