From: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Date: Thu, 26 Apr 2012 09:03:08 +0000 (+0100)
Subject: x86/mem_sharing: Don't destroy a page's shared state before depleting its <gfn, domid... 
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~8550
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https://%22%22/%22http:/www.example.com/cgi/%22https:/%22%22?a=commitdiff_plain;h=458519b78248d36700014e010386b7943df4e3a3;p=xen.git

x86/mem_sharing: Don't destroy a page's shared state before depleting its <gfn, domid> tuple list

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>
---

diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index aec92c6143..058a53a2ff 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -963,7 +963,9 @@ gfn_found:
     last_gfn = list_has_one_entry(&page->sharing->gfns);
     if ( last_gfn )
     {
-        /* Clean up shared state */
+        /* Clean up shared state. Get rid of the <domid, gfn> tuple
+         * before destroying the rmap. */
+        mem_sharing_gfn_destroy(d, gfn_info);
         audit_del_list(page);
         page->sharing = NULL;
         atomic_dec(&nr_shared_mfns);
@@ -974,7 +976,8 @@ gfn_found:
      * (possibly freeing the page), and exit early */
     if ( flags & MEM_SHARING_DESTROY_GFN )
     {
-        mem_sharing_gfn_destroy(d, gfn_info);
+        if ( !last_gfn )
+            mem_sharing_gfn_destroy(d, gfn_info);
         put_page_and_type(page);
         mem_sharing_page_unlock(page);
         if ( last_gfn && 
@@ -987,7 +990,6 @@ gfn_found:
  
     if ( last_gfn )
     {
-        mem_sharing_gfn_destroy(d, gfn_info);
         /* Making a page private atomically unlocks it */
         BUG_ON(page_make_private(d, page) != 0);
         goto private_page_found;