From: Andrew Cooper Date: Thu, 31 Dec 2020 16:55:20 +0000 (+0000) Subject: x86/p2m: Fix paging_gva_to_gfn() for nested virt X-Git-Tag: archive/raspbian/4.16.0+51-g0941d6cb-1+rpi1~2^2~42^2~1222 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=7ba2ab495be54f608cb47440e1497b2795bd301a;p=xen.git x86/p2m: Fix paging_gva_to_gfn() for nested virt nestedhap_walk_L1_p2m() takes guest physical addresses, not frame numbers. This means the l2 input is off-by-PAGE_SHIFT, as is the l1 value eventually returned to the caller. Delete the misleading comment as well. Fixes: bab2bd8e222de ("xen/nested_p2m: Don't walk EPT tables with a regular PT walker") Reported-by: Tamas K Lengyel Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné Tested-by: Tamas K Lengyel
---
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index a4ebfc9b21..ad4bb94514 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1784,6 +1784,7 @@ unsigned long paging_gva_to_gfn(struct vcpu *v,
 if ( is_hvm_vcpu(v) && paging_mode_hap(v->domain) && nestedhvm_is_n2(v) )
 {
 unsigned long l2_gfn, l1_gfn;
+ paddr_t l1_gpa;
 struct p2m_domain *p2m;
 const struct paging_mode *mode;
 uint8_t l1_p2ma;
@@ -1798,8 +1799,8 @@ unsigned long paging_gva_to_gfn(struct vcpu *v,
 if ( l2_gfn == gfn_x(INVALID_GFN) )
 return gfn_x(INVALID_GFN);
 
- /* translate l2 guest gfn into l1 guest gfn */
- rv = nestedhap_walk_L1_p2m(v, l2_gfn, &l1_gfn, &l1_page_order, &l1_p2ma,
+ rv = nestedhap_walk_L1_p2m(v, pfn_to_paddr(l2_gfn), &l1_gpa,
+ &l1_page_order, &l1_p2ma,
 1,
 !!(*pfec & PFEC_write_access),
 !!(*pfec & PFEC_insn_fetch));
@@ -1807,6 +1808,8 @@ unsigned long paging_gva_to_gfn(struct vcpu *v,
 if ( rv != NESTEDHVM_PAGEFAULT_DONE )
 return gfn_x(INVALID_GFN);
 
+ l1_gfn = paddr_to_pfn(l1_gpa);
+
 /*
 * Sanity check that l1_gfn can be used properly as a 4K mapping, even
 * if it mapped by a nested superpage.
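Review bot: The call in the second hunk now depends on a unit conversion (`pfn_to_paddr(l2_gfn)` going in, `paddr_to_pfn(l1_gpa)` coming back in the third hunk), but the old comment was deleted rather than corrected, so nothing at the call site records why. A replacement above the call, such as `/* nestedhap_walk_L1_p2m() takes and returns guest physical addresses, not frame numbers. */`, would make it harder to reintroduce the mix-up, which presumably left the caller with a wrong guest frame. The root hazard remains that `l2_gfn` and `l1_gfn` are plain `unsigned long`, so the compiler cannot tell a frame number from an address. The `gfn_x(INVALID_GFN)` context lines suggest a typed `gfn_t` is available, and holding the locals as `gfn_t` would turn this class of bug into a compile error. The body of paging_gva_to_gfn() starts and ends outside these hunks, so the later use of `l1_gfn` and `l1_page_order` could not be checked from here.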