Fix the zombie domain when destroying 2.6 linux vmx guest.

The zombie domain is caused by unreleased shadow page
because of lack of put_shadow_ref.
When unshadow a L1 page, set l2e to zero and put ref.

Signed-off-by: <xiaofeng.ling@intel.com>

diff --git a/xen/arch/x86/shadow.c b/xen/arch/x86/shadow.c
index 6d44c5fc98de19350c1511943176c275a72dbd11..14ed7ad4edd5cf1c9fa70bd9988ba8583359a722 100644 (file)
--- a/xen/arch/x86/shadow.c
+++ b/xen/arch/x86/shadow.c
@@ -1536,12 +1536,13 @@ static int resync_all(struct domain *d, u32 stype)
             perfc_incr_histo(l1_entries_checked, max_shadow - min_shadow + 1, PT_UPDATES);
             if ( d->arch.ops->guest_paging_levels >= PAGING_L3 &&
                  unshadow_l1 ) {
-                pgentry_64_t l2e = {0};
+                pgentry_64_t l2e;
 
                 __shadow_get_l2e(entry->v, entry->va, &l2e);
 
                 if ( entry_get_flags(l2e) & _PAGE_PRESENT ) {
-                    entry_remove_flags(l2e, _PAGE_PRESENT);
+                    put_shadow_ref(entry_get_pfn(l2e));
+                    l2e = entry_empty();
                     __shadow_set_l2e(entry->v, entry->va, &l2e);
 
                     if (entry->v == current)

diff --git a/xen/arch/x86/shadow32.c b/xen/arch/x86/shadow32.c
index 91c0e2dc5c2e9ae4006675bdcbb32d1e6ac90515..17f4e17ae93fa41b48bf3bbbeab2faf606543715 100644 (file)
--- a/xen/arch/x86/shadow32.c
+++ b/xen/arch/x86/shadow32.c
@@ -2426,7 +2426,8 @@ static int resync_all(struct domain *d, u32 stype)
 
                 __shadow_get_l2e(entry->v, entry->va, &l2e);
                 if (l2e_get_flags(l2e) & _PAGE_PRESENT) {
-                    l2e_remove_flags(l2e, _PAGE_PRESENT);
+                    put_shadow_ref(l2e_get_pfn(l2e)); 
+                    l2e = l2e_empty();
                     __shadow_set_l2e(entry->v, entry->va, l2e);
 
                     if (entry->v == current)