>>> On 16.03.17 at 17:31, <andrew.coop...@citrix.com> wrote: > The shadow logic should not create a valid/present shadow of a guest PTE which > contains reserved bits from the guests point of view. It is not guaranteed > that the hardware pagewalk will come to the same conclusion, and raise a > pagefault. > > Shadows created on demand from the pagefault handler are fine because the > pagewalk over the guest tables will have injected the fault into the guest > rather than creating a shadow. > > However, shadows created by sh_resync_l1() and sh_prefetch() haven't undergone > a pagewalk and need to account for reserved bits before creating the shadow. > > In practice, this means a 3-level guest could previously cause PTEs with bits > 63:52 set to be shadowed (and discarded). This PTE should cause #PF[RSVD] > when encountered by hardware, but the installed shadow is valid and hardware > doesn't fault. > > Reuse the pagewalk reserved bits helpers, and assert in > l?e_propagate_from_guest() that shadows are not attempted to be created with > reserved bits set. > > Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
This looks fine to me, but I can't claim to know the shadow code well enough to be certain all places where changes are needed are actually covered. So I'll defer to Tim and George. Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
