From: Keir Fraser Date: Thu, 1 Dec 2011 00:59:58 +0000 (-0800) Subject: xenpaging: Fix c/s 23507:0a29c8c3ddf7 ("update machine_to_phys_mapping[] during page... X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b6cf65cf7aeb21cea11075da268563fca22ede9c;p=xen.git xenpaging: Fix c/s 23507:0a29c8c3ddf7 ("update machine_to_phys_mapping[] during page deallocation") This patch clobbers page owner in free_heap_pages() before we are finished using it. This means that a subsequent test to determine whether it is safe to avoid safety TLB flushes incorrectly always determines that it is safe to do so. The fix is simple: we can defer the original patch's work until after we are done with the page-owner field. Thanks to Christian Limpach for spotting this one. Signed-off-by: Keir Fraser --- diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 3470d32a4a..249bb355dd 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -547,10 +547,6 @@ static void free_heap_pages( for ( i = 0; i < (1 << order); i++ ) { - /* This page is not a guest frame any more. */ - page_set_owner(&pg[i], NULL); /* set_gpfn_from_mfn snoops pg owner */ - set_gpfn_from_mfn(mfn + i, INVALID_M2P_ENTRY); - /* * Cannot assume that count_info == 0, as there are some corner cases * where it isn't the case and yet it isn't a bug: @@ -574,6 +570,10 @@ static void free_heap_pages( pg[i].u.free.need_tlbflush = (page_get_owner(&pg[i]) != NULL); if ( pg[i].u.free.need_tlbflush ) pg[i].tlbflush_timestamp = tlbflush_current_time(); + + /* This page is not a guest frame any more. */ + page_set_owner(&pg[i], NULL); /* set_gpfn_from_mfn snoops pg owner */ + set_gpfn_from_mfn(mfn + i, INVALID_M2P_ENTRY); } avail[node][zone] += 1 << order;
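Review bot: in the first hunk (@@ -547), removing the page_set_owner(&pg[i], NULL) / set_gpfn_from_mfn(mfn + i, INVALID_M2P_ENTRY) pair from the top of the loop means the count_info handling that follows the "Cannot assume that count_info == 0" comment now runs while the page still has its owner and a live M2P entry. The commit message only discusses the need_tlbflush test, so please confirm in the message or in a comment that nothing in that intervening stretch relied on the owner already being NULL.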
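Review bot: in the second hunk (@@ -574), the re-added block at the end of the loop body carries an ordering requirement that its comment does not record. It has to stay after the line "pg[i].u.free.need_tlbflush = (page_get_owner(&pg[i]) != NULL);", because clearing the owner first makes need_tlbflush false for every page, which is the bug described in the commit message. The existing comment only explains why page_set_owner precedes set_gpfn_from_mfn. Suggest extending it to say that the owner must not be cleared until the need_tlbflush test above has read it, so that a later cleanup does not hoist the block back to the top of the loop.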