From 660442fdafa7c0d0b145c0ae372aa3e93c7322eb Mon Sep 17 00:00:00 2001
From: "kaf24@firebug.cl.cam.ac.uk" <kaf24@firebug.cl.cam.ac.uk>
Date: Sat, 15 Apr 2006 09:52:32 +0100
Subject: [PATCH] Fix SETMAXMEM dom0_op with proper locking.

Signed-off-by: Keir Fraser <keir@xensource.com>
---
 xen/common/dom0_ops.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/xen/common/dom0_ops.c b/xen/common/dom0_ops.c
index 3c5358663b..cba0117fae 100644
--- a/xen/common/dom0_ops.c
+++ b/xen/common/dom0_ops.c
@@ -581,27 +581,31 @@ long do_dom0_op(GUEST_HANDLE(dom0_op_t) u_dom0_op)
     case DOM0_SETDOMAINMAXMEM:
     {
         struct domain *d; 
+        unsigned long new_max;
+
         ret = -ESRCH;
         d = find_domain_by_id(op->u.setdomainmaxmem.domain);
-        if ( d != NULL )
+        if ( d == NULL )
+            break;
+
+        ret = -EINVAL;
+        new_max = op->u.setdomainmaxmem.max_memkb >> (PAGE_SHIFT-10);
+
+        spin_lock(&d->page_alloc_lock);
+        if ( new_max >= d->tot_pages )
         {
-            unsigned long new_max;
-            new_max = op->u.setdomainmaxmem.max_memkb >> (PAGE_SHIFT-10);
-            if (new_max < d->tot_pages) 
-                ret = -EINVAL;
-            else 
-            {  
-                d->max_pages = new_max;
-                ret = 0;
-            }
-            put_domain(d);
+            d->max_pages = new_max;
+            ret = 0;
         }
+        spin_unlock(&d->page_alloc_lock);
+
+        put_domain(d);
     }
     break;
 
     case DOM0_SETDOMAINHANDLE:
     {
-        struct domain *d; 
+        struct domain *d;
         ret = -ESRCH;
         d = find_domain_by_id(op->u.setdomainhandle.domain);
         if ( d != NULL )
-- 
2.30.2