[IA64] don't allow non-dom0 domains to set pte memory attributes

  domUs shouldn't be allowed to set arbitrary memory attributes.
This could allow accessing system memory with uncached attributes,
leading to address aliasing, unsupported transactions, or worse.

Signed-off-by: Alex Williamson <alex.williamson@hp.com>

diff --git a/xen/arch/ia64/xen/mm.c b/xen/arch/ia64/xen/mm.c
index 74fabdadfedd266bbe5e7b0f804a86e0fc05a5f7..fec626ccd56a0832a00491b5f9d96e49226c1dc0 100644 (file)
--- a/xen/arch/ia64/xen/mm.c
+++ b/xen/arch/ia64/xen/mm.c
@@ -471,6 +471,14 @@ u64 translate_domain_pte(u64 pteval, u64 address, u64 itir__, u64* logps,
        pteval2 |= (pteval & _PAGE_ED);
        pteval2 |= _PAGE_PL_2; // force PL0->2 (PL3 is unaffected)
        pteval2 = (pteval & ~_PAGE_PPN_MASK) | pteval2;
+       /*
+        * Don't let non-dom0 domains map uncached addresses.  This can
+        * happen when domU tries to touch i/o port space.  Also prevents
+        * possible address aliasing issues.
+        */
+       if (d != dom0)
+               pteval2 &= ~_PAGE_MA_MASK;
+
        return pteval2;
 }