$NetBSD: patch-CVE-2015-7835,v 1.1 2015/10/29 21:59:16 bouyer Exp $

Patch for CVE-2015-7835 aka XSA-148 based on
http://xenbits.xenproject.org/xsa/xsa148-4.4.patch

--- xen/arch/x86/mm.c.orig	2014-09-02 08:22:57.000000000 +0200
+++ xen/arch/x86/mm.c	2015-10-29 22:27:31.000000000 +0100
@@ -169,7 +169,10 @@
 
 static uint32_t base_disallow_mask;
 #define L1_DISALLOW_MASK (base_disallow_mask | _PAGE_GNTTAB)
-#define L2_DISALLOW_MASK (base_disallow_mask & ~_PAGE_PSE)
+
+#define L2_DISALLOW_MASK (unlikely(opt_allow_superpage) \
+                          ? base_disallow_mask & ~_PAGE_PSE \
+                          : base_disallow_mask)
 
 #if defined(__x86_64__)
 
@@ -1980,7 +1983,10 @@
         }
 
         /* Fast path for identical mapping and presence. */
-        if ( !l2e_has_changed(ol2e, nl2e, _PAGE_PRESENT) )
+        if ( !l2e_has_changed(ol2e, nl2e,
+                              unlikely(opt_allow_superpage)
+                              ? _PAGE_PSE | _PAGE_RW | _PAGE_PRESENT
+                              : _PAGE_PRESENT) )
         {
             adjust_guest_l2e(nl2e, d);
             if ( UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn, vcpu, preserve_ad) )