1 x86/HVM: restrict HVMOP_set_mem_type
3 Permitting arbitrary type changes here has the potential of creating
4 present P2M (and hence EPT/NPT/IOMMU) entries pointing to an invalid
5 MFN (INVALID_MFN truncated to the respective hardware structure field's
6 width). This would become a problem the latest when something real sat
7 at the end of the physical address space; I'm suspecting though that
8 other things might break with such bogus entries.
10 Along with that drop a bogus (and otherwise becoming stale) log
13 Afaict the similar operation in p2m_set_mem_access() is safe.
17 Signed-off-by: Jan Beulich <jbeulich@suse.com>
18 Reviewed-by: Tim Deegan <tim@xen.org>
20 --- a/xen/arch/x86/hvm/hvm.c
21 +++ b/xen/arch/x86/hvm/hvm.c
22 @@ -4541,12 +4541,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
26 - if ( p2m_is_grant(t) )
27 + if ( !p2m_is_ram(t) &&
28 + (!p2m_is_hole(t) || a.hvmmem_type != HVMMEM_mmio_dm) )
31 - gdprintk(XENLOG_WARNING,
32 - "type for pfn %#lx changed to grant while "
33 - "we were working?\n", pfn);