When translating an address that falls inside of a superpage in the
IOMMU page tables the fetching of the PTE value wasn't masking of the
contiguous related data, which caused the returned data to be
corrupt as it would contain bits that the caller would interpret as
part of the address.
Fix this by masking off the contiguous bits.
Fixes: c71e55501a61 ('VT-d: have callers specify the target level for page
table walks')
Signed-off-by: Roger Pau Monné <roger....@citrix.com>
---
Changes since v1:
- Return all the PTE bits except for the contiguous count ones.
---
xen/drivers/passthrough/vtd/iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/drivers/passthrough/vtd/iommu.c
b/xen/drivers/passthrough/vtd/iommu.c
index 130a159cde07..d7ba9a9c349f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -368,7 +368,7 @@ static uint64_t addr_to_dma_page_maddr(struct domain
*domain, daddr_t addr,
* with the address adjusted to account for the residual of
* the walk.
*/
- pte_maddr = pte->val +
+ pte_maddr = (pte->val & ~DMA_PTE_CONTIG_MASK) +
(addr & ((1UL << level_to_offset_bits(level)) - 1) &
PAGE_MASK);
if ( !target )
--
2.40.0
