From: kaf24@firebug.cl.cam.ac.uk Date: Tue, 30 May 2006 17:11:34 +0000 (+0100) Subject: Fix infinite recursion loop in get_page_type() error path. X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~16013^2~17 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=ed2a5cde8d36b48e75f59fead8da5815b8613413;p=xen.git Fix infinite recursion loop in get_page_type() error path. Signed-off-by: Keir Fraser --- diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index cc596a6990..29e72dea30 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -1598,12 +1598,18 @@ int get_page_type(struct page_info *page, unsigned long type) { if ( unlikely((x & PGT_type_mask) != (type & PGT_type_mask) ) ) { - if ( current->domain == page_get_owner(page) ) + if ( (current->domain == page_get_owner(page)) && + ((x & PGT_type_mask) == PGT_writable_page) ) { /* * This ensures functions like set_gdt() see up-to-date * type info without needing to clean up writable p.t. - * state on the fast path. + * state on the fast path. We take this path only + * when the current type is writable because: + * 1. It's the only type that this path can decrement. + * 2. If we take this path more liberally then we can + * enter a recursive loop via get_page_from_l1e() + * during pagetable revalidation. */ LOCK_BIGLOCK(current->domain); cleanup_writable_pagetable(current->domain);
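Review bot: the new second condition, `((x & PGT_type_mask) == PGT_writable_page)`, sends a page that the current domain owns but whose current type is not writable down whatever follows this `if` block, and the hunk does not show that path. Please confirm it fails the type request cleanly instead of retrying, since that case used to take the `cleanup_writable_pagetable()` path. The test also uses `x`, which was sampled before `LOCK_BIGLOCK(current->domain)` is taken, so it is worth a note in the comment that the type is re-read after the cleanup, if that is what the rest of the function does. Finally, the subject line says the recursion is in the "error path" while the comment's reason 2 describes it as entered "via get_page_from_l1e() during pagetable revalidation". The commit message has no body, so a sentence spelling out the call chain back into get_page_type() would make the guard easier to audit later.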