From f1434c2e8e57aa9f75ea8d20612396524df8cd96 Mon Sep 17 00:00:00 2001
From: Malcolm Crossley <malcolm.crossley@citrix.com>
Date: Wed, 25 Apr 2012 12:35:56 +0200
Subject: [PATCH] x86-64: Fix memory hotplug epfn upper limit test for updating
 the compat M2P table

The epfn is being compared to (RDWR_COMPAT_MPT_VIRT_END -
RDWR_COMPAT_MPT_VIRT_START) without a 2 bit shift, resulting in the
epfn being compared to the size of the RDWR_COMPAT_MPT table in bytes
instead of the maximum page frame number that the RDWR_COMPAT_MPT
table can map.

Signed-off-by: Malcolm Crossley <malcolm.crossley@citrix.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/x86_64/mm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/x86/x86_64/mm.c b/xen/arch/x86/x86_64/mm.c
index 6a71c2860e..635a499d65 100644
--- a/xen/arch/x86/x86_64/mm.c
+++ b/xen/arch/x86/x86_64/mm.c
@@ -454,7 +454,7 @@ static int setup_compat_m2p_table(struct mem_hotadd_info *info)
     if   ((smap > ((RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START) >> 2)) )
         return 0;
 
-    if (epfn > (RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START))
+    if ( epfn > ((RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START) >> 2) )
         epfn = (RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START) >> 2;
 
     emap = ( (epfn + ((1UL << (L2_PAGETABLE_SHIFT - 2)) - 1 )) &
-- 
2.30.2