From: Andrew Cooper
Subject: VT-d: Fix "else" vs "#endif" misplacement

In domain_pgd_maddr() the "#endif" is misplaced with respect to "else". This generates incorrect logic when CONFIG_HVM is compiled out, as the "else" body is executed unconditionally.

Rework the logic to use IS_ENABLED() instead of explicit #ifdef-ary, as it's clearer to follow. This in turn involves adjusting p2m_get_pagetable() to compile when CONFIG_HVM is disabled.

This is XSA-450 / CVE-2023-46840.

Reported-by: Reported-by: Teddy Astie
Fixes: 033ff90aa9c1 ("x86/P2M: p2m_{alloc,free}_ptp() and p2m_alloc_table() are HVM-only")
Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h
index 32f3f394b05a..6ada585eaac2 100644
--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -435,7 +435,14 @@ static inline bool p2m_is_altp2m(const struct p2m_domain *p2m)
     return p2m->p2m_class == p2m_alternate;
 }
 
-#define p2m_get_pagetable(p2m) ((p2m)->phys_table)
+#ifdef CONFIG_HVM
+static inline pagetable_t p2m_get_pagetable(const struct p2m_domain *p2m)
+{
+    return p2m->phys_table;
+}
+#else
+pagetable_t p2m_get_pagetable(const struct p2m_domain *p2m);
+#endif
 
 /*
  * Ensure any deferred p2m TLB flush has been completed on all VCPUs.
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 99b642f12ef9..4244855032ee 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -438,15 +438,13 @@ static paddr_t domain_pgd_maddr(struct domain *d, paddr_t pgd_maddr,
     if ( pgd_maddr )
         /* nothing */;
-#ifdef CONFIG_HVM
-    else if ( iommu_use_hap_pt(d) )
+    else if ( IS_ENABLED(CONFIG_HVM) && iommu_use_hap_pt(d) )
     {
         pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
         pgd_maddr = pagetable_get_paddr(pgt);
     }
     else
-#endif
     {
         if ( !hd->arch.vtd.pgd_maddr )
         {
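Review bot: The `#else` prototype of p2m_get_pagetable() added in the p2m.h hunk has no matching definition in the hunks shown, so a !CONFIG_HVM build presumably links only because its one caller in domain_pgd_maddr() now sits behind `IS_ENABLED(CONFIG_HVM) && iommu_use_hap_pt(d)` and is dropped as dead code; nothing at the declaration says so. A future maintainer who adds a second caller, or turns the `IS_ENABLED()` test back into a plain runtime check, would get a link failure rather than a compile-time hint, and the original misplaced `#endif` shows how easily this path's conditional gets edited wrongly. I would document the contract on the prototype: `/* Never defined: only referenced from IS_ENABLED(CONFIG_HVM)-guarded code, which the compiler eliminates when HVM is off. */`. The p2m.h hunk is complete in this chunk; the iommu.c hunk continues past the last line shown, so the remainder of the `else` body is not visible here.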