From: Keir Fraser <keir.fraser@citrix.com>
Date: Mon, 3 Nov 2008 10:32:54 +0000 (+0000)
Subject: x86: Fix GRANT_PTE_FLAGS.
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~14054^2~1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=03dc0c1ae5dbc76d054844d6303c8b37d030adce;p=xen.git

x86: Fix GRANT_PTE_FLAGS.

Since page table entries created through e.g. GNTTABOP_map_grant_ref
are being passed through adjust_guest_l1e(), they must not generally
get _PAGE_USER set - this will be taken care of by adjust_guest_l1e(),
and it will ensure that these don't get _PAGE_GLOBAL set
inadvertently.

Due to the implied security aspect here (_PAGE_GLOBAL getting set on
kernel pages for x86-64), I'd like to ask that this also be applied to
older maintained branches.

At the same time, set _PAGE_NX for pte-s created for grants (as long
as hardware supports it), since it should be only data pages that remote
domains are being given access to.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
---

diff --git a/xen/include/asm-x86/page.h b/xen/include/asm-x86/page.h
index c6b2e53d21..e17a9469e2 100644
--- a/xen/include/asm-x86/page.h
+++ b/xen/include/asm-x86/page.h
@@ -314,6 +314,9 @@ unsigned long clone_idle_pagetable(struct vcpu *);
 #define __PAGE_HYPERVISOR_NOCACHE \
     (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_PCD | _PAGE_ACCESSED)
 
+#define GRANT_PTE_FLAGS \
+    (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_NX | _PAGE_GNTTAB)
+
 #ifndef __ASSEMBLY__
 
 static inline int get_order_from_bytes(paddr_t size)
diff --git a/xen/include/asm-x86/x86_32/page.h b/xen/include/asm-x86/x86_32/page.h
index 6f32f99cda..16659a1ae3 100644
--- a/xen/include/asm-x86/x86_32/page.h
+++ b/xen/include/asm-x86/x86_32/page.h
@@ -105,9 +105,6 @@ extern unsigned int PAGE_HYPERVISOR_NOCACHE;
 #define get_pte_flags(x) (((int)((x) >> 32) & ~0xFFF) | ((int)(x) & 0xFFF))
 #define put_pte_flags(x) (((intpte_t)((x) & ~0xFFF) << 32) | ((x) & 0xFFF))
 
-#define GRANT_PTE_FLAGS \
-    (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_GNTTAB)
-
 /*
  * Disallow unused flag bits plus PAT/PSE, PCD, PWT and GLOBAL.
  * Permit the NX bit if the hardware supports it.
diff --git a/xen/include/asm-x86/x86_64/page.h b/xen/include/asm-x86/x86_64/page.h
index 494a877caf..948cd656f0 100644
--- a/xen/include/asm-x86/x86_64/page.h
+++ b/xen/include/asm-x86/x86_64/page.h
@@ -124,9 +124,6 @@ typedef l4_pgentry_t root_pgentry_t;
 #define PAGE_HYPERVISOR         (__PAGE_HYPERVISOR         | _PAGE_GLOBAL)
 #define PAGE_HYPERVISOR_NOCACHE (__PAGE_HYPERVISOR_NOCACHE | _PAGE_GLOBAL)
 
-#define GRANT_PTE_FLAGS \
-    (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_GNTTAB|_PAGE_USER)
-
 #define USER_MAPPINGS_ARE_GLOBAL
 #ifdef USER_MAPPINGS_ARE_GLOBAL
 /*