From f0fc1e8294a963528556b0862c06bb3fcf7c390a Mon Sep 17 00:00:00 2001 From: Matthew Daley Date: Thu, 28 Feb 2013 18:16:04 +1300 Subject: [PATCH] x86/mm: fix invalid unlinking of nested p2m tables Commit 90805dc (c/s 26387:4056e5a3d815) ("EPT: Make ept data stucture or operations neutral") makes nested p2m tables be unlinked from the host p2m table before their destruction (in p2m_teardown_nestedp2m). However, by this time the host p2m table has already been torn down, leading to a possible race condition where another allocation between the two kinds of table being torn down can lead to a linked list assertion with debug=y builds or memory corruption on debug=n ones. Fix by swapping the order the two kinds of table are torn down in. While at it, remove the condition in p2m_final_teardown, as it is already checked identically in p2m_teardown_hostp2m itself. Signed-off-by: Matthew Daley Acked-by: Tim Deegan --- xen/arch/x86/mm/p2m.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index b70716d140..4837de3e1a 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -488,15 +488,13 @@ void p2m_teardown(struct p2m_domain *p2m) void p2m_final_teardown(struct domain *d) { - /* Iterate over all p2m tables per domain */ - struct p2m_domain *p2m = p2m_get_hostp2m(d); - if ( p2m ) - p2m_teardown_hostp2m(d); - /* We must teardown unconditionally because * we initialise them unconditionally. */ p2m_teardown_nestedp2m(d); + + /* Iterate over all p2m tables per domain */ + p2m_teardown_hostp2m(d); } -- 2.30.2
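Review bot: the ordering dependency that this hunk introduces in p2m_final_teardown is not documented at the call site, so a later reshuffle could reintroduce the use-after-teardown the commit message describes. The only comment left above the nested teardown, "We must teardown unconditionally because we initialise them unconditionally", explains why the call exists but not why it now has to come first; add a line such as "Nested p2m tables are unlinked from the host p2m in p2m_teardown_nestedp2m, so it must run before p2m_teardown_hostp2m." Relatedly, the comment "Iterate over all p2m tables per domain" has been moved to sit above p2m_teardown_hostp2m(d), which tears down only the host table, so it no longer describes the call beneath it; either drop it or reword it to refer to the host p2m. The removal of the `if ( p2m )` guard itself is fine given the commit message's statement that p2m_teardown_hostp2m performs the same check.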