x86/mmuext: don't allow copying/clearing non-RAM pages
The two operations really aren't meant for anything else.
Signed-off-by: Jan Beulich
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3229,6 +3229,7 @@ long do_mmuext_op(
 switch ( op.cmd )
 {
 struct page_info *page;
+ p2m_type_t p2mt;
 case MMUEXT_PIN_L1_TABLE:
 type = PGT_l1_page_table;
@@ -3528,7 +3529,12 @@ long do_mmuext_op(
 }
 case MMUEXT_CLEAR_PAGE:
- page = get_page_from_gfn(pg_owner, op.arg1.mfn, NULL, P2M_ALLOC);
+ page = get_page_from_gfn(pg_owner, op.arg1.mfn, &p2mt, P2M_ALLOC);
+ if ( unlikely(p2mt != p2m_ram_rw) && page )
+ {
+ put_page(page);
+ page = NULL;
+ }
 if ( !page || !get_page_type(page, PGT_writable_page) )
 {
 if ( page )
@@ -3551,8 +3557,13 @@ long do_mmuext_op(
 {
 struct page_info *src_page, *dst_page;
- src_page = get_page_from_gfn(pg_owner, op.arg2.src_mfn, NULL,
+ src_page = get_page_from_gfn(pg_owner, op.arg2.src_mfn, &p2mt,
 P2M_ALLOC);
+ if ( unlikely(p2mt != p2m_ram_rw) && src_page )
+ {
+ put_page(src_page);
+ src_page = NULL;
+ }
 if ( unlikely(!src_page) )
 {
 gdprintk(XENLOG_WARNING,
@@ -3562,8 +3573,13 @@ long do_mmuext_op(
 break;
 }
- dst_page = get_page_from_gfn(pg_owner, op.arg1.mfn, NULL,
+ dst_page = get_page_from_gfn(pg_owner, op.arg1.mfn, &p2mt,
 P2M_ALLOC);
+ if ( unlikely(p2mt != p2m_ram_rw) && dst_page )
+ {
+ put_page(dst_page);
+ dst_page = NULL;
+ }
 rc = (dst_page && get_page_type(dst_page, PGT_writable_page)) ? 0 : -EINVAL;
 if ( unlikely(rc) )
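Review bot: In the MMUEXT_CLEAR_PAGE check, `p2mt` is compared before `page` is tested, so its value is read even when the lookup returned NULL. `p2mt` is declared without an initialiser in the first hunk, and whether get_page_from_gfn() stores a type on every failure path is not visible here. Testing the pointer first limits the type check to the case where a reference is actually held: `if ( page && unlikely(p2mt != p2m_ram_rw) )`. The same operand order appears in the src_page and dst_page checks of the two MMUEXT_COPY_PAGE hunks; the case bodies continue outside the hunks.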
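Review bot: The src_page check refuses every type other than `p2m_ram_rw` without saying why in the code, even though this page appears to be only the source of the copy; the rationale exists only in the commit message. A short comment above the check would keep the intent visible to later readers, for example `/* Copy/clear are meant for ordinary RAM only; refuse any other p2m type. */`. The same comment would fit the dst_page check in the following hunk and the MMUEXT_CLEAR_PAGE check before it. The MMUEXT_COPY_PAGE block starts and ends outside the hunk.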