From: Tamas K Lengyel
Date: Thu, 25 Apr 2019 15:32:50 +0000 (-0600)
Subject: x86/mem_sharing: acquire extra references for pages with correct domain
X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~2291
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=bad2c180988886e3232d2df24ecfc31b0cd51033;p=xen.git

Patch 0502e0adae2 "x86: correct instances of PGC_allocated clearing" introduced grabbing extra references for pages that drop references tied to PGC_allocated. However, these pages are actually owned by dom_cow, resulting in both sharing and unsharing breaking.

Signed-off-by: Tamas K Lengyel
Acked-by: Andrew Cooper
---
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index 03aafa57a6..f16a3f5324 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -965,7 +965,7 @@ static int share_pages(struct domain *sd, gfn_t sgfn, shr_handle_t sh, } /* Acquire an extra reference, for the freeing below to be safe. */ - if ( !get_page(cpage, cd) ) + if ( !get_page(cpage, dom_cow) ) { ret = -EOVERFLOW; mem_sharing_page_unlock(secondpg); @@ -1171,7 +1171,7 @@ int __mem_sharing_unshare_page(struct domain *d, mem_sharing_page_unlock(page); if ( last_gfn ) { - if ( !get_page(page, d) ) + if ( !get_page(page, dom_cow) ) { put_gfn(d, gfn); domain_crash(d);
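
Review bot: In the share_pages() hunk, the comment above the changed call still reads only "Acquire an extra reference, for the freeing below to be safe." and gives no reason for passing dom_cow rather than cd, which is the detail the earlier patch got wrong. Extend the comment to say that cpage is a shared page owned by dom_cow, so the reference has to be taken against that owner. The failure path also deserves a look: it returns -EOVERFLOW, and with the old argument an owner mismatch surfaced under that same code, which makes the breakage described in the commit message hard to diagnose from the return value alone.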
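
Review bot: In the __mem_sharing_unshare_page() hunk, the get_page(page, dom_cow) call under "if ( last_gfn )" carries no comment at all, unlike the matching site in share_pages(), and its failure path goes straight to put_gfn(d, gfn) and domain_crash(d). Add a short comment stating that the page is owned by dom_cow at this point and that the extra reference is taken against it for that reason. Because a wrong owner argument here ends in a guest crash, the commit message should also say how the change was exercised on both the share and the unshare path.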