From: Jan Beulich Date: Fri, 19 Nov 2021 08:38:42 +0000 (+0100) Subject: x86/paging: restrict physical address width reported to guests X-Git-Tag: archive/raspbian/4.14.3+32-g9de3671772-1_deb11u1+rpi1^2^2~48^2~11 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=81e3fd1f3cacda220e4d46bb01f9c1b554ed8401;p=xen.git x86/paging: restrict physical address width reported to guests Modern hardware may report more than 48 bits of physical address width. For paging-external guests our P2M implementation does not cope with larger values. Telling the guest of more available bits means misleading it into perhaps trying to actually put some page there (like was e.g. intermediately done in OVMF for the shared info page). While there also convert the PV check to a paging-external one (which in our current code base are synonyms of one another anyway). Fixes: 5dbd60e16a1f ("x86/shadow: Correct guest behaviour when creating PTEs above maxphysaddr") Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné master commit: b7635526acffbe4ad8ad16fd92812c57742e54c2 master date: 2021-10-19 10:08:30 +0200 --- diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h index f53575f3d9..abb9a7e75c 100644 --- a/xen/include/asm-x86/paging.h +++ b/xen/include/asm-x86/paging.h @@ -391,11 +391,18 @@ static always_inline unsigned int paging_max_paddr_bits(const struct domain *d) { unsigned int bits = paging_mode_hap(d) ? hap_paddr_bits : paddr_bits; - if ( !IS_ENABLED(CONFIG_BIGMEM) && paging_mode_shadow(d) && - !is_pv_domain(d) ) + if ( paging_mode_external(d) ) { - /* Shadowed superpages store GFNs in 32-bit page_info fields. */ - bits = min(bits, 32U + PAGE_SHIFT); + if ( !IS_ENABLED(CONFIG_BIGMEM) && paging_mode_shadow(d) ) + { + /* Shadowed superpages store GFNs in 32-bit page_info fields. */ + bits = min(bits, 32U + PAGE_SHIFT); + } + else + { + /* Both p2m-ept and p2m-pt only support 4-level page tables. */ + bits = min(bits, 48U); + } } return bits;