From 3e910b648b99393561e7c523756c1ea49a6c1305 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roger=20Pau=20Monn=C3=A9?= Date: Wed, 15 Sep 2021 15:13:14 +0200 Subject: [PATCH] x86/p2m: fix xenmem_add_to_physmap_one double page removal MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit If the new gfn matches the previous one (ie: gpfn == old_gpfn) xenmem_add_to_physmap_one will issue a duplicated call to guest_physmap_remove_page with the same guest frame number, because the get_gpfn_from_mfn call has been moved by commit f8582da041 to be performed before the original page is removed. This leads to the second guest_physmap_remove_page failing, which was not the case before commit f8582da041. Fix this by adding a check that prevents a second call to guest_physmap_remove_page if the previous one has already removed the backing page from that gfn. Fixes: f8582da041 ('x86/mm: pull a sanity check earlier in xenmem_add_to_physmap_one()') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/mm/p2m.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 674a6f4fe9..2bd4d37286 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2813,7 +2813,7 @@ int xenmem_add_to_physmap_one( } /* Unmap from old location, if any. */ - if ( !rc && old_gpfn != INVALID_M2P_ENTRY ) + if ( !rc && old_gpfn != INVALID_M2P_ENTRY && !gfn_eq(_gfn(old_gpfn), gpfn) ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K); /* Map at new location. */ -- 2.30.2
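Review bot: the comment above the changed condition in xenmem_add_to_physmap_one() still reads only "Unmap from old location, if any." and does not say why the removal is skipped when old_gpfn equals gpfn. The new clause `!gfn_eq(_gfn(old_gpfn), gpfn)` tests gfn equality alone, while the commit message justifies the skip by an earlier guest_physmap_remove_page call on the same gfn that is not visible in this hunk. Please extend the comment to state that the page at gpfn has already been removed earlier in the function, so that a later reordering of that code (as happened in f8582da041) does not silently leave the old mapping in place. It would also help to confirm in the commit message that every path reaching this point with old_gpfn == gpfn has gone through that earlier removal.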