From a4e370a39293c6d07283c615977e5896d835ea93 Mon Sep 17 00:00:00 2001
From: "kaf24@firebug.cl.cam.ac.uk" <kaf24@firebug.cl.cam.ac.uk>
Date: Sun, 30 Apr 2006 09:32:21 +0100
Subject: [PATCH] balloon_alloc_empty_page_range() should set the reference
 count on every page structure before returning.

Signed-off-by: Keir Fraser <keir@xensource.com>
---
 linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c b/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c
index dc335b5c3f..f773f8edaa 100644
--- a/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c
+++ b/linux-2.6-xen-sparse/drivers/xen/balloon/balloon.c
@@ -540,6 +540,8 @@ struct page *balloon_alloc_empty_page_range(unsigned long nr_pages)
 	unsigned long vstart, flags;
 	unsigned int  order = get_order(nr_pages * PAGE_SIZE);
 	int ret;
+	unsigned long i;
+	struct page *page;
 
 	vstart = __get_free_pages(GFP_KERNEL, order);
 	if (vstart == 0)
@@ -559,7 +561,12 @@ struct page *balloon_alloc_empty_page_range(unsigned long nr_pages)
 
 	flush_tlb_all();
 
-	return virt_to_page(vstart);
+	page = virt_to_page(vstart);
+
+	for (i = 0; i < (1UL << order); i++)
+		set_page_count(page + i, 1);
+
+	return page;
 }
 
 void balloon_dealloc_empty_page_range(
@@ -569,8 +576,10 @@ void balloon_dealloc_empty_page_range(
 	unsigned int  order = get_order(nr_pages * PAGE_SIZE);
 
 	balloon_lock(flags);
-	for (i = 0; i < (1UL << order); i++)
+	for (i = 0; i < (1UL << order); i++) {
+		BUG_ON(page_count(page + i) != 1);
 		balloon_append(page + i);
+	}
 	balloon_unlock(flags);
 
 	schedule_work(&balloon_worker);
-- 
2.30.2