x86: mmio_ro_do_page_fault() must be unreachable for DomU

When combining PTWR and MMIO-R/O PV page fault handlers, the need for
a second hwdom check was overlooked.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>

diff --git a/xen/arch/x86/pv/ro-page-fault.c b/xen/arch/x86/pv/ro-page-fault.c
index 53a3c15a31ad14a865a02fff81e53b9eb43d2ce7..6b2976d3df675afff626ea0edc19bce328579580 100644 (file)
--- a/xen/arch/x86/pv/ro-page-fault.c
+++ b/xen/arch/x86/pv/ro-page-fault.c
@@ -346,7 +346,8 @@ int pv_ro_page_fault(unsigned long addr, struct cpu_user_regs *regs)
     if ( ((l1e_get_flags(pte) & (_PAGE_PRESENT | _PAGE_RW)) != _PAGE_PRESENT) )
         return 0;
 
-    mmio_ro = rangeset_contains_singleton(mmio_ro_ranges, l1e_get_pfn(pte));
+    mmio_ro = is_hardware_domain(currd) &&
+              rangeset_contains_singleton(mmio_ro_ranges, l1e_get_pfn(pte));
     if ( mmio_ro )
         rc = mmio_ro_do_page_fault(&ctxt, addr, pte);
     else