From dec59149875ba485585f017461fba9f7e484f952 Mon Sep 17 00:00:00 2001
From: "kaf24@scramble.cl.cam.ac.uk" <kaf24@scramble.cl.cam.ac.uk>
Date: Wed, 11 Feb 2004 22:45:55 +0000
Subject: [PATCH] bitkeeper revision 1.718 (402ab0a3yYoCQu7SoJnkkWLDqd6w4Q)

memory.c:
  Fix refcnt bug in Xen.
---
 xen/common/memory.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/xen/common/memory.c b/xen/common/memory.c
index 4d3201706c..1f952c8b27 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -832,10 +832,12 @@ static int do_extended_command(unsigned long ptr, unsigned long val)
                                             &page->count_and_flags)) )
         {
             put_page_and_type(page);
+            put_page(page);
         }
         else
         {
             okay = 0;
+            put_page(page);
             MEM_LOG("Pfn %08lx not pinned", pfn);
         }
         break;
@@ -932,6 +934,12 @@ int do_mmu_update(mmu_update_t *ureqs, int count)
         case MMU_NORMAL_PT_UPDATE:
             page = &frame_table[pfn];
 
+            if ( unlikely(pfn >= max_page) )
+            {
+                MEM_LOG("Page out of range (%08lx > %08lx)", pfn, max_page);
+                break;
+            }
+
             if ( unlikely(!get_page(page, current)) &&
                  ((current->domain != 0) || !dom0_get_page(page)) )
             {
-- 
2.30.2