From 92bc18632011c85a58247ce305ffa4ca583f52cd Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Fri, 30 Oct 2020 14:27:23 +0100
Subject: [PATCH] x86/shadow: correct GFN use by sh_unshadow_for_p2m_change()

Luckily sh_remove_all_mappings()'s use of the parameter is limited to
generation of log messages. Nevertheless we'd better pass correct GFNs
around:
- the incoming GFN, when replacing a large page, may not be large page
  aligned,
- incrementing by page-size-scaled values can't be right.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
---
 xen/arch/x86/mm/shadow/common.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c
index 0d59dea6ad..9c3d9a7cfd 100644
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -3121,6 +3121,8 @@ static void sh_unshadow_for_p2m_change(struct domain *d, unsigned long gfn,
                  && mfn_valid(nmfn) )
                 npte = map_domain_page(nmfn);
 
+            gfn &= ~(L1_PAGETABLE_ENTRIES - 1);
+
             for ( i = 0; i < L1_PAGETABLE_ENTRIES; i++ )
             {
                 if ( !npte
@@ -3129,8 +3131,7 @@ static void sh_unshadow_for_p2m_change(struct domain *d, unsigned long gfn,
                 {
                     /* This GFN->MFN mapping has gone away */
                     sh_remove_all_shadows_and_parents(d, omfn);
-                    if ( sh_remove_all_mappings(d, omfn,
-                                                _gfn(gfn + (i << PAGE_SHIFT))) )
+                    if ( sh_remove_all_mappings(d, omfn, _gfn(gfn + i)) )
                         cpumask_or(&flushmask, &flushmask, d->dirty_cpumask);
                 }
                 omfn = mfn_add(omfn, 1);
-- 
2.30.2