From c92aec02ad55858cd5767f37ee7a9069ba2f248b Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Mon, 9 Aug 2010 16:40:18 +0100
Subject: [PATCH] Intel EPT: Fix out of range right shift on 32-bit host
Currently, there has a logic to check whether the EPT GFN is exceeding guest physical address width. It uses right shift(>>) to implement the check. But the right shift count is greater than the width of the type(unsigned long = 32) under the PAE. And this will cause guest boot fail under PAE with EPT supported.
Signed-off-by: Li Xin
Signed-off-by: Zhang Yang
---
 xen/arch/x86/mm/hap/p2m-ept.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/arch/x86/mm/hap/p2m-ept.c b/xen/arch/x86/mm/hap/p2m-ept.c
index ed6bc7a858..3e43a36504 100644
--- a/xen/arch/x86/mm/hap/p2m-ept.c
+++ b/xen/arch/x86/mm/hap/p2m-ept.c
@@ -267,7 +267,7 @@ ept_set_entry(struct domain *d, unsigned long gfn, mfn_t mfn,
 * 3. passing a valid order.
 */
 if ( ((gfn | mfn_x(mfn)) & ((1UL << order) - 1)) ||
- (gfn >> ((ept_get_wl(d) + 1) * EPT_TABLE_ORDER)) ||
+ ((u64)gfn >> ((ept_get_wl(d) + 1) * EPT_TABLE_ORDER)) ||
 (order % EPT_TABLE_ORDER) )
 return 0;
-- 
2.30.2
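Review bot: The `(u64)` cast on the second operand of the `if` carries the whole fix, yet nothing in the code says why it is there, so a later cleanup could drop it as redundant on an `unsigned long` and silently break this guest-address range check again. I would add a comment above that operand such as `/* Widen first: the shift count can exceed the width of unsigned long on 32-bit hosts, which is undefined. */`. The first operand, `(1UL << order)`, has the same shape and is evaluated before `(order % EPT_TABLE_ORDER)` gets a chance to reject a bad order. The range of `order` is not visible in this hunk, so it is worth confirming that callers never pass 32 or more on a 32-bit build, or writing it as `(1ULL << order)`. The body of ept_set_entry starts and ends outside the hunk.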