From b7635526acffbe4ad8ad16fd92812c57742e54c2 Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Tue, 19 Oct 2021 10:08:30 +0200 Subject: [PATCH] x86/paging: restrict physical address width reported to guests MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Modern hardware may report more than 48 bits of physical address width. For paging-external guests our P2M implementation does not cope with larger values. Telling the guest of more available bits means misleading it into perhaps trying to actually put some page there (like was e.g. intermediately done in OVMF for the shared info page). While there also convert the PV check to a paging-external one (which in our current code base are synonyms of one another anyway). Fixes: 5dbd60e16a1f ("x86/shadow: Correct guest behaviour when creating PTEs above maxphysaddr") Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/include/asm-x86/paging.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h index fa22558e2e..996c2cd038 100644 --- a/xen/include/asm-x86/paging.h +++ b/xen/include/asm-x86/paging.h @@ -400,11 +400,18 @@ static always_inline unsigned int paging_max_paddr_bits(const struct domain *d) { unsigned int bits = paging_mode_hap(d) ? hap_paddr_bits : paddr_bits; - if ( !IS_ENABLED(CONFIG_BIGMEM) && paging_mode_shadow(d) && - !is_pv_domain(d) ) + if ( paging_mode_external(d) ) { - /* Shadowed superpages store GFNs in 32-bit page_info fields. */ - bits = min(bits, 32U + PAGE_SHIFT); + if ( !IS_ENABLED(CONFIG_BIGMEM) && paging_mode_shadow(d) ) + { + /* Shadowed superpages store GFNs in 32-bit page_info fields. */ + bits = min(bits, 32U + PAGE_SHIFT); + } + else + { + /* Both p2m-ept and p2m-pt only support 4-level page tables. */ + bits = min(bits, 48U); + } } return bits; -- 2.30.2