From f600fa5345d008ec686bfe2c579bbb37b11c7972 Mon Sep 17 00:00:00 2001
From: Andrew Cooper
Date: Fri, 25 Nov 2016 17:23:04 +0000
Subject: [PATCH] x86/shadow: Fix #PFs from emulated writes crossing a page boundary

When translating the second frame of a write crossing a page boundary, mask the linear address down to the page boundary. This causes the correct %cr2 being reported to the guest in the case that the second frame suffers a pagefault during translation.

Signed-off-by: Andrew Cooper
Acked-by: Tim Deegan
Reviewed-by: Jan Beulich
---
 xen/arch/x86/mm/shadow/common.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c
index 9f3bed9b05..1623a07bf9 100644
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -1802,7 +1802,8 @@ void *sh_emulate_map_dest(struct vcpu *v, unsigned long vaddr,
 else
 {
 /* This write crosses a page boundary. Translate the second page. */
- sh_ctxt->mfn[1] = emulate_gva_to_mfn(v, vaddr + bytes - 1, sh_ctxt);
+ sh_ctxt->mfn[1] = emulate_gva_to_mfn(
+ v, (vaddr + bytes - 1) & PAGE_MASK, sh_ctxt);
 if ( !mfn_valid(sh_ctxt->mfn[1]) )
 return ((mfn_x(sh_ctxt->mfn[1]) == BAD_GVA_TO_GFN) ?
 MAPPING_EXCEPTION :
-- 
2.30.2
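Review bot: The reason for the `& PAGE_MASK` on the second translation is not visible in the code itself: `vaddr + bytes - 1` and its page-aligned form lie in the same page, so the mask looks redundant for the lookup and only matters for the fault address (%cr2) that is reported when the second page faults during translation, which a later cleanup could easily undo. I would extend the comment on the line above the call to `/* This write crosses a page boundary. Translate the second page from its first byte, so a fault during translation reports the page boundary as %cr2 rather than the last byte of the write. */`. sh_emulate_map_dest starts and ends outside the hunk, so whether `bytes == 0` and a wraparound of `vaddr + bytes - 1` at the top of the address space are already rejected before this point cannot be confirmed from here.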