From d7f655cb2a4bcbdb4da3408a07a9a6d278a97bcd Mon Sep 17 00:00:00 2001
From: "kaf24@firebug.cl.cam.ac.uk" <kaf24@firebug.cl.cam.ac.uk>
Date: Mon, 19 Sep 2005 09:00:26 +0000
Subject: [PATCH] The domain structure maintains several shadow mode stats,
 such as shadow page counts for l1 & l2, hl2 tables, snapshots, etc.  These
 counts are not decremented properly when we free shadow pages.  The following
 patch fixes this problem.

Signed-off-by: Khoa Huynh <khoa@us.ibm.com>
---
 xen/arch/x86/shadow32.c      | 6 ++++--
 xen/arch/x86/shadow_public.c | 8 +++++---
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/shadow32.c b/xen/arch/x86/shadow32.c
index 73e6f64123..796767132c 100644
--- a/xen/arch/x86/shadow32.c
+++ b/xen/arch/x86/shadow32.c
@@ -399,22 +399,26 @@ void free_shadow_page(unsigned long smfn)
         perfc_decr(shadow_l1_pages);
         shadow_demote(d, gpfn, gmfn);
         free_shadow_l1_table(d, smfn);
+        d->arch.shadow_page_count--;
         break;
 
     case PGT_l2_shadow:
         perfc_decr(shadow_l2_pages);
         shadow_demote(d, gpfn, gmfn);
         free_shadow_l2_table(d, smfn, page->u.inuse.type_info);
+        d->arch.shadow_page_count--;
         break;
 
     case PGT_hl2_shadow:
         perfc_decr(hl2_table_pages);
         shadow_demote(d, gpfn, gmfn);
         free_shadow_hl2_table(d, smfn);
+        d->arch.hl2_page_count--;
         break;
 
     case PGT_snapshot:
         perfc_decr(snapshot_pages);
+        d->arch.snapshot_page_count--;
         break;
 
     default:
@@ -423,8 +427,6 @@ void free_shadow_page(unsigned long smfn)
         break;
     }
 
-    d->arch.shadow_page_count--;
-
     // No TLB flushes are needed the next time this page gets allocated.
     //
     page->tlbflush_timestamp = 0;
diff --git a/xen/arch/x86/shadow_public.c b/xen/arch/x86/shadow_public.c
index d8cb85c4c4..771e8d0fc1 100644
--- a/xen/arch/x86/shadow_public.c
+++ b/xen/arch/x86/shadow_public.c
@@ -595,18 +595,21 @@ void free_shadow_page(unsigned long smfn)
         perfc_decr(shadow_l1_pages);
         shadow_demote(d, gpfn, gmfn);
         free_shadow_l1_table(d, smfn);
+        d->arch.shadow_page_count--;
         break;
 #if defined (__i386__)
     case PGT_l2_shadow:
         perfc_decr(shadow_l2_pages);
         shadow_demote(d, gpfn, gmfn);
         free_shadow_l2_table(d, smfn, page->u.inuse.type_info);
+        d->arch.shadow_page_count--;
         break;
 
     case PGT_hl2_shadow:
         perfc_decr(hl2_table_pages);
         shadow_demote(d, gpfn, gmfn);
         free_shadow_hl2_table(d, smfn);
+        d->arch.hl2_page_count--;
         break;
 #else
     case PGT_l2_shadow:
@@ -614,12 +617,13 @@ void free_shadow_page(unsigned long smfn)
     case PGT_l4_shadow:
         shadow_demote(d, gpfn, gmfn);
         free_shadow_tables(d, smfn, shadow_type_to_level(type));
+        d->arch.shadow_page_count--;
         break;
 
     case PGT_fl1_shadow:
         free_shadow_fl1_table(d, smfn);
+        d->arch.shadow_page_count--;
         break;
-
 #endif
 
     case PGT_snapshot:
@@ -632,8 +636,6 @@ void free_shadow_page(unsigned long smfn)
         break;
     }
 
-    d->arch.shadow_page_count--;
-
     // No TLB flushes are needed the next time this page gets allocated.
     //
     page->tlbflush_timestamp = 0;
-- 
2.30.2