From: Keir Fraser Date: Wed, 9 Dec 2009 10:59:31 +0000 (+0000) Subject: x86-32/pod: fix map_domain_page() leak X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~12937 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=b6d4a6d487c1aed0d53ffa3b969f82a5d0b50201;p=xen.git x86-32/pod: fix map_domain_page() leak The 'continue' in the if() part of the conditional at the end of p2m_pod_zero_check() was causing this, but there also really is no point in retaining the mapping after having checked page contents, so fix it both ways. Additionally there is no point in updating map[] at this point anymore. Signed-off-by: Jan Beulich --- diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index df992586b8..976b84c200 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -898,12 +898,13 @@ p2m_pod_zero_check(struct domain *d, unsigned long *gfns, int count) if( *(map[i]+j) != 0 ) break; + unmap_domain_page(map[i]); + /* See comment in p2m_pod_zero_check_superpage() re gnttab * check timing. */ if ( j < PAGE_SIZE/sizeof(*map[i]) ) { set_p2m_entry(d, gfns[i], mfns[i], 0, types[i]); - continue; } else { @@ -911,9 +912,6 @@ p2m_pod_zero_check(struct domain *d, unsigned long *gfns, int count) p2m_pod_cache_add(d, mfn_to_page(mfns[i]), 0); d->arch.p2m->pod.entry_count++; } - - unmap_domain_page(map[i]); - map[i] = NULL; } }
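Review bot: in the first hunk (@@ -898,12 +898,13 @@), the condition `if ( j < PAGE_SIZE/sizeof(*map[i]) )` now sits directly after the added `unmap_domain_page(map[i]);`, so it reads like a use of the mapping after it has been released. Only `sizeof` is applied to `*map[i]`, so nothing is dereferenced and the behaviour is correct. A short comment saying that map[i] is stale from this point on, or writing the bound without naming map[i], would stop a later reader from flagging it or from adding a real dereference below the unmap.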
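Review bot: in the second hunk (@@ -911,9 +912,6 @@), dropping `map[i] = NULL;` together with the trailing `unmap_domain_page(map[i]);` leaves every checked slot of map[] holding an address that has already been unmapped. The visible context closes the loop and the function right after, so nothing reads the array again today and the commit message's reasoning holds. I would still either keep the NULL store next to the new unmap in the first hunk or add a one-line comment at the end of the loop stating that map[] must not be used past the content check, so that code added after the loop later cannot pick up a dangling mapping.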