From: Malcolm Crossley <malcolm.crossley@citrix.com>
Date: Wed, 25 Apr 2012 10:35:56 +0000 (+0200)
Subject: x86-64: Fix memory hotplug epfn upper limit test for updating the compat M2P table
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~8556^2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f1434c2e8e57aa9f75ea8d20612396524df8cd96;p=xen.git

x86-64: Fix memory hotplug epfn upper limit test for updating the compat M2P table

The epfn is being compared to (RDWR_COMPAT_MPT_VIRT_END -
RDWR_COMPAT_MPT_VIRT_START) without a 2 bit shift, resulting in the
epfn being compared to the size of the RDWR_COMPAT_MPT table in bytes
instead of the maximum page frame number that the RDWR_COMPAT_MPT
table can map.

Signed-off-by: Malcolm Crossley <malcolm.crossley@citrix.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/xen/arch/x86/x86_64/mm.c b/xen/arch/x86/x86_64/mm.c
index 6a71c2860e..635a499d65 100644
--- a/xen/arch/x86/x86_64/mm.c
+++ b/xen/arch/x86/x86_64/mm.c
@@ -454,7 +454,7 @@ static int setup_compat_m2p_table(struct mem_hotadd_info *info)
     if   ((smap > ((RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START) >> 2)) )
         return 0;
 
-    if (epfn > (RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START))
+    if ( epfn > ((RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START) >> 2) )
         epfn = (RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START) >> 2;
 
     emap = ( (epfn + ((1UL << (L2_PAGETABLE_SHIFT - 2)) - 1 )) &