From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Mon, 26 Jun 2017 11:58:25 +0000 (+0100)
Subject: x86/mm: Fix infinite loop in get_spage_pages()
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~1909
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=5bba2b362f7ecde1a1a034c0bb0cc882577d8bce;p=xen.git

x86/mm: Fix infinite loop in get_spage_pages()

c/s 2b8eb37 switched int i to being unsigned, but the undo logic on failure
relied in i being signed.  As i being unsigned in still preforable, adjust the
undo logic to work with an unsigned i.

Coverity-ID: 1413017
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Konrad Rzeszutek Will <konrad.wilk@oracle.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index b20f37f253..19f672d880 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2687,7 +2687,7 @@ static int get_spage_pages(struct page_info *page, struct domain *d)
     {
         if ( !get_page_and_type(page, d, PGT_writable_page) )
         {
-            while ( --i >= 0 )
+            while ( i-- > 0 )
                 put_page_and_type(--page);
             return 0;
         }