diff mbox series

[1/3] x86/mem_sharing: aquire extra references for pages with correct domain

Message ID 20190425153252.14795-1-tamas@tklengyel.com (mailing list archive)
State New, archived
Headers show
Series [1/3] x86/mem_sharing: aquire extra references for pages with correct domain | expand

Commit Message

Tamas K Lengyel April 25, 2019, 3:32 p.m. UTC
Patch 0502e0adae2 "x86: correct instances of PGC_allocated clearing" introduced
grabbing extra references for pages that drop references tied to PGC_allocated.
However, these pages are actually owned by dom_cow, resulting both sharing and
unsharing breaking.

Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com>
Cc: George Dunlap <george.dunlap@eu.citrix.com>
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Roger Pau Monne <roger.pau@citrix.com>
---
 xen/arch/x86/mm/mem_sharing.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Andrew Cooper April 26, 2019, 9:26 a.m. UTC | #1
On 25/04/2019 16:32, Tamas K Lengyel wrote:
> Patch 0502e0adae2 "x86: correct instances of PGC_allocated clearing" introduced
> grabbing extra references for pages that drop references tied to PGC_allocated.
> However, these pages are actually owned by dom_cow, resulting both sharing and
> unsharing breaking.
>
> Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com>

Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

Pulled into x86-next.
diff mbox series

Patch

diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 5ac9d8f54c..dfc279d371 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -965,7 +965,7 @@  static int share_pages(struct domain *sd, gfn_t sgfn, shr_handle_t sh,
     }
 
     /* Acquire an extra reference, for the freeing below to be safe. */
-    if ( !get_page(cpage, cd) )
+    if ( !get_page(cpage, dom_cow) )
     {
         ret = -EOVERFLOW;
         mem_sharing_page_unlock(secondpg);
@@ -1171,7 +1171,7 @@  int __mem_sharing_unshare_page(struct domain *d,
         mem_sharing_page_unlock(page);
         if ( last_gfn )
         {
-            if ( !get_page(page, d) )
+            if ( !get_page(page, dom_cow) )
             {
                 put_gfn(d, gfn);
                 domain_crash(d);