Fix a bug in shadow_remove_all_access_in_page.

Fixes a fairly obvious bug, in which an if statement was reversed.  The
bug has been present for a while, so apparently this code isn't well
tested.

Signed-off-by: Michael Vrable <mvrable@cs.ucsd.edu>

diff --git a/xen/arch/x86/shadow32.c b/xen/arch/x86/shadow32.c
index 8adeae298cd41fe277317726f41bf4de04caed52..73e6f6412396809456305e9f80da72c676b2ee31 100644 (file)
--- a/xen/arch/x86/shadow32.c
+++ b/xen/arch/x86/shadow32.c
@@ -2214,7 +2214,7 @@ static u32 remove_all_access_in_page(
     struct domain *d, unsigned long l1mfn, unsigned long forbidden_gmfn)
 {
     l1_pgentry_t *pl1e = map_domain_page(l1mfn);
-    l1_pgentry_t match;
+    l1_pgentry_t match, ol2e;
     unsigned long flags  = _PAGE_PRESENT;
     int i;
     u32 count = 0;
@@ -2226,17 +2226,17 @@ static u32 remove_all_access_in_page(
     
     for (i = 0; i < L1_PAGETABLE_ENTRIES; i++)
     {
-        if ( unlikely(!l1e_has_changed(pl1e[i], match, flags) == 0) )
-        {
-            l1_pgentry_t ol2e = pl1e[i];
-            pl1e[i] = l1e_empty();
-            count++;
-
-            if ( is_l1_shadow )
-                shadow_put_page_from_l1e(ol2e, d);
-            else /* must be an hl2 page */
-                put_page(&frame_table[forbidden_gmfn]);
-        }
+        if ( l1e_has_changed(pl1e[i], match, flags) )
+            continue;
+
+        ol2e = pl1e[i];
+        pl1e[i] = l1e_empty();
+        count++;
+
+        if ( is_l1_shadow )
+            shadow_put_page_from_l1e(ol2e, d);
+        else /* must be an hl2 page */
+            put_page(&frame_table[forbidden_gmfn]);
     }
 
     unmap_domain_page(pl1e);

diff --git a/xen/arch/x86/shadow_public.c b/xen/arch/x86/shadow_public.c
index 67dba036d667c2faed4cf4161ae9a56773b46b8e..d8cb85c4c490bcb59d3b7a26e3825d58889bb7b7 100644 (file)
--- a/xen/arch/x86/shadow_public.c
+++ b/xen/arch/x86/shadow_public.c
@@ -1622,7 +1622,7 @@ static u32 remove_all_access_in_page(
     struct domain *d, unsigned long l1mfn, unsigned long forbidden_gmfn)
 {
     l1_pgentry_t *pl1e = map_domain_page(l1mfn);
-    l1_pgentry_t match;
+    l1_pgentry_t match, ol2e;
     unsigned long flags  = _PAGE_PRESENT;
     int i;
     u32 count = 0;
@@ -1634,17 +1634,17 @@ static u32 remove_all_access_in_page(
 
     for (i = 0; i < L1_PAGETABLE_ENTRIES; i++)
     {
-        if ( unlikely(!l1e_has_changed(pl1e[i], match, flags) == 0) )
-        {
-            l1_pgentry_t ol2e = pl1e[i];
-            pl1e[i] = l1e_empty();
-            count++;
-
-            if ( is_l1_shadow )
-                shadow_put_page_from_l1e(ol2e, d);
-            else /* must be an hl2 page */
-                put_page(&frame_table[forbidden_gmfn]);
-        }
+        if ( l1e_has_changed(pl1e[i], match, flags) )
+            continue;
+
+        ol2e = pl1e[i];
+        pl1e[i] = l1e_empty();
+        count++;
+
+        if ( is_l1_shadow )
+            shadow_put_page_from_l1e(ol2e, d);
+        else /* must be an hl2 page */
+            put_page(&frame_table[forbidden_gmfn]);
     }
 
     unmap_domain_page(pl1e);