x86: shadow_alloc_p2m_page() should call shadow_prealloc() before shadow_alloc()

shadow_alloc_p2m_page() fails to call shadow_prealloc() before calling
shadow_alloc().  In certain conditions, notably when PoD is being
exercised, this may cause shadow_alloc() to fail, crashing Xen.

Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>

diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c
index 2b1abb12db45c085b3e19085a177cca71735cd8b..91996624a2570379f807417926fdb660574c453e 100644 (file)
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -1423,7 +1423,6 @@ static void _shadow_prealloc(
  * to avoid freeing shadows that the caller is currently working on. */
 void shadow_prealloc(struct domain *d, u32 type, unsigned int count)
 {
-    ASSERT(type != SH_type_p2m_table);
     return _shadow_prealloc(d, shadow_order(type), count);
 }
 
@@ -1676,6 +1675,7 @@ sh_alloc_p2m_pages(struct domain *d)
          < (shadow_min_acceptable_pages(d) + (1 << order)) )
         return 0; /* Not enough shadow memory: need to increase it first */
     
+    shadow_prealloc(d, SH_type_p2m_table, 1);
     pg = mfn_to_page(shadow_alloc(d, SH_type_p2m_table, 0));
     d->arch.paging.shadow.p2m_pages += (1 << order);
     d->arch.paging.shadow.total_pages -= (1 << order);