On 26/02/2025 11:51 am, Jan Beulich wrote:
> 1: synchronize fast and slow paths of p2m_get_page_from_gfn()
> 2: correct old entry checking in p2m_remove_entry()
> 3: don't include MMIO_DM in p2m_is_valid()
Luca is triaging failures in ARM's CI.
Commit be59cceb2dbb ("x86/P2M: don't include MMIO_DM in p2m_is_valid()")
(patch 3) breaks two different XTF tests.
They're XTF running as a PVH Dom0 inside Xen in qemu. In both cases,
it's Shadow paging in use:
(XEN) [ 1.035338] Freed 644kB init memory
--- Xen Test Framework ---
Environment: HVM 32bit (No paging)
XSA-239 PoC
******************************
PANIC: Unhandled exception at 0010:0010380e
Vec 14 #PF[-d-sWP] %cr2 fec00000
******************************
and
(XEN) [ 1.027912] Freed 644kB init memory
--- Xen Test Framework ---
Environment: HVM 64bit (Long mode 4 levels)
XSA-195 PoC
******************************
PANIC: Unhandled exception at 0008:0000000000103fd8
Vec 14 #PF[-d-srP] %cr2 00001ffffffffff8
******************************
The XSA-239 PoC is reading from the IO-APIC. The absence of a real
mapping should give ~0, not #PF (especially as it's in unpaged mode at
the time...)
The XSA-195 PoC does a decrease reservation in order to cause `BT %reg,
mem` to trap for emulation (it predates FEP), so is playing in a similar
area to XSA-239.
Either way, the reasoning of patch 3 clearly isn't correct. (And we
have significant testing gaps in Gitlab CI, although we knew this.)
~Andrew