From b6d4a6d487c1aed0d53ffa3b969f82a5d0b50201 Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Wed, 9 Dec 2009 10:59:31 +0000
Subject: [PATCH] x86-32/pod: fix map_domain_page() leak

The 'continue' in the if() part of the conditional at the end of p2m_pod_zero_check() was causing this, but there also really is no point in retaining the mapping after having checked page contents, so fix it both ways. Additionally there is no point in updating map[] at this point anymore.

Signed-off-by: Jan Beulich
---
 xen/arch/x86/mm/p2m.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index df992586b8..976b84c200 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -898,12 +898,13 @@ p2m_pod_zero_check(struct domain *d, unsigned long *gfns, int count)
 if( *(map[i]+j) != 0 )
 break;
 
+ unmap_domain_page(map[i]);
+
 /* See comment in p2m_pod_zero_check_superpage() re gnttab
 * check timing. */
 if ( j < PAGE_SIZE/sizeof(*map[i]) )
 {
 set_p2m_entry(d, gfns[i], mfns[i], 0, types[i]);
- continue;
 }
 else
 {
@@ -911,9 +912,6 @@ p2m_pod_zero_check(struct domain *d, unsigned long *gfns, int count)
 p2m_pod_cache_add(d, mfn_to_page(mfns[i]), 0);
 d->arch.p2m->pod.entry_count++;
 }
-
- unmap_domain_page(map[i]);
- map[i] = NULL;
 }
 }
 
-- 
2.30.2
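Review bot: After the added `unmap_domain_page(map[i]);` in the first hunk, `map[i]` still holds the address of a mapping that no longer exists, and the second hunk drops the `map[i] = NULL;` reset that used to follow the unmap. The next test, `if ( j < PAGE_SIZE/sizeof(*map[i]) )`, is safe only because `sizeof` does not evaluate its operand. A one-line comment after the unmap, for example `/* map[i] is stale from here on; only sizeof() may name it. */`, would keep a later edit from dereferencing the pointer or unmapping it a second time. The enclosing loop and the rest of p2m_pod_zero_check() lie outside both hunks, so it cannot be confirmed from here that nothing after the loop still reads map[].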