From: David Vrabel <david.vrabel@citrix.com>
Date: Mon, 16 Dec 2013 09:51:24 +0000 (+0100)
Subject: evtchn/fifo: map correct pages when guest is HVM
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~5757
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=cb84b989ee11d2368ec78e9669bb72f8c7a95c03;p=xen.git

evtchn/fifo: map correct pages when guest is HVM

If a HVM guest attempts to use the FIFO-based ABI it will not receive
any events and destroying the guest may crash Xen or trigger an assert
when attempting to unmap a control block page.  This occurs because
Xen maps the wrong page for both the control blocks and the event
arrays.

In map_guest_page(), use the MFN of the guest's page and not the GFN
when calling map_domain_page_global().

Reported-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
---

diff --git a/xen/common/event_fifo.c b/xen/common/event_fifo.c
index 6048784bc6..b0d3fc2e25 100644
--- a/xen/common/event_fifo.c
+++ b/xen/common/event_fifo.c
@@ -284,7 +284,7 @@ static int map_guest_page(struct domain *d, uint64_t gfn, void **virt)
         return -EINVAL;
     }
 
-    *virt = map_domain_page_global(gfn);
+    *virt = __map_domain_page_global(p);
     if ( !*virt )
     {
         put_page_and_type(p);