From 3c15d72cac63dcacefd158ca77a96f0d9647f78e Mon Sep 17 00:00:00 2001
From: "kfraser@localhost.localdomain"
Date: Tue, 21 Nov 2006 16:14:53 +0000
Subject: [PATCH] [XEN] Fix potential crash in grant-table code if guest misbehaves and implicitly unmaps a PTE.
Signed-off-by: Keir Fraser
---
 xen/common/grant_table.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index c499c8a447..3a6bc9587f 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -371,10 +371,9 @@ __gnttab_unmap_grant_ref(
 if ( unlikely((rd = find_domain_by_id(dom)) == NULL) )
 {
- if ( rd != NULL )
- put_domain(rd);
+ /* This can happen when a grant is implicitly unmapped. */
 gdprintk(XENLOG_INFO, "Could not find domain %d\n", dom);
- op->status = GNTST_bad_domain;
+ domain_crash(ld); /* naughty... */
 return;
 }
@@ -1130,7 +1129,12 @@ gnttab_release_mappings(
 handle, ref, map->flags, map->domid);
 rd = find_domain_by_id(map->domid);
- BUG_ON(rd == NULL);
+ if ( rd == NULL )
+ {
+ /* Nothing to clear up... */
+ map->flags = 0;
+ continue;
+ }
 spin_lock(&rd->grant_table->lock);
--
2.30.2
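Review bot: The not-found branch after `find_domain_by_id(dom)` now returns without writing `op->status`, because the hunk drops `op->status = GNTST_bad_domain;` when it adds `domain_crash(ld);`. If the caller copies the op back to the guest or reads the status after this call (the caller is outside the hunk, so this is inferred), it would see whatever value the field held on entry; keeping the assignment just before `domain_crash(ld);` avoids that. The log line would also be more useful for later investigation if it recorded that the calling domain is being crashed, for example `gdprintk(XENLOG_WARNING, "Could not find domain %d; crashing caller\n", dom);`. `ld` is defined outside the hunk, as is the rest of the function body.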
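Review bot: The new `rd == NULL` branch in gnttab_release_mappings discards the mapping without leaving any trace, whereas the `BUG_ON` it replaces at least made the state visible. A one-line message before `map->flags = 0;`, such as `gdprintk(XENLOG_INFO, "Grant release: could not find domain %d\n", map->domid);`, would give whoever investigates a misbehaving guest something to correlate. The comment `/* Nothing to clear up... */` would be stronger if it said why skipping is safe, i.e. that no references taken at map time remain to be dropped once the remote domain cannot be found. The code that releases them sits after `spin_lock` outside the hunk, so that should be confirmed there.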