From: Andrew Cooper
Date: Wed, 27 Jul 2016 17:54:16 +0000 (+0100)
Subject: x86/mm: Avoid NULL dereference when checking altp2m's for shareability
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~655
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3b54cffcdf86485dd336f71419d3bfc7106ca56c;p=xen.git

x86/mm: Avoid NULL dereference when checking altp2m's for shareability

Coverity identifies that __get_gfn_type_access() unconditionally writes to its
type parameter under a number of circumstances.

Signed-off-by: Andrew Cooper
Reviewed-by: George Dunlap
---
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index 47e08209eb..14952ce76c 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -870,6 +870,7 @@ int mem_sharing_nominate_page(struct domain *d, unsigned int i; struct p2m_domain *ap2m; mfn_t amfn; + p2m_type_t ap2mt; p2m_access_t ap2ma; altp2m_list_lock(d); @@ -880,7 +881,7 @@ int mem_sharing_nominate_page(struct domain *d, if ( !ap2m ) continue; - amfn = get_gfn_type_access(ap2m, gfn, NULL, &ap2ma, 0, NULL); + amfn = get_gfn_type_access(ap2m, gfn, &ap2mt, &ap2ma, 0, NULL); if ( mfn_valid(amfn) && (mfn_x(amfn) != mfn_x(mfn) || ap2ma != p2ma) ) { altp2m_list_unlock(d);
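
Review bot: At the get_gfn_type_access() call in the altp2m loop of mem_sharing_nominate_page(), ap2mt is passed only so the callee has somewhere to write; nothing in the visible lines reads it afterwards. A one-line comment at the new declaration (p2m_type_t ap2mt;) saying it is a deliberately unused out-parameter would keep a later cleanup from turning the argument back into NULL. The commit message says __get_gfn_type_access() writes through its type parameter unconditionally, so this fix covers one call site only: please also check whether other callers pass NULL for that argument, or consider making the callee tolerate a NULL type pointer so the hazard is closed at its source.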