From: Jan Beulich <jbeulich@suse.com>
Subject: x86/shadow: don't pass wrong L4 MFN to guest_walk_tables()

64-bit PV guest user mode runs on a different L4 table. Make sure
- the accessed bit gets set in the correct table (and in log-dirty
  mode the correct page gets marked dirty) during guest walks,
- the correct table gets audited by sh_audit_gw(),
- correct info gets logged by print_gw().

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: George Dunlap <george.dunlap@citrix.com>
master commit: db2af23d15077605f286d8ef86c8f5d9c1b8302a
master date: 2019-02-20 17:07:17 +0100

diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c
index 35e08f9097..e9e4ded427 100644
--- a/xen/arch/x86/mm/shadow/multi.c
+++ b/xen/arch/x86/mm/shadow/multi.c
@@ -180,7 +180,10 @@ sh_walk_guest_tables(struct vcpu *v, unsigned long va, walk_t *gw,
                              INVALID_MFN,
                              v->arch.paging.shadow.gl3e
 #else /* 32 or 64 */
-                             pagetable_get_mfn(v->arch.guest_table),
+                             (((v->arch.flags & TF_kernel_mode) ||
+                               is_pv_32bit_vcpu(v))
+                              ? pagetable_get_mfn(v->arch.guest_table)
+                              : pagetable_get_mfn(v->arch.guest_table_user)),
                              v->arch.paging.shadow.guest_vtable
 #endif
                              );