
[Xen-changelog] [xen stable-4.8] arm/p2m: remove the page from p2m->pages list before freeing it



commit 9967251965a4cea19e6f69f7c5472174c4c5b971
Author:     Julien Grall <julien.grall@xxxxxxx>
AuthorDate: Fri Feb 24 10:01:59 2017 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Feb 24 10:01:59 2017 +0100

    arm/p2m: remove the page from p2m->pages list before freeing it
    
    The p2m code is using the page list field to link all the pages used
    for the stage-2 page tables. The page is added into the p2m->pages
    list just after the allocation but never removed from the list.
    
    The page list field is also used by the allocator, not removing may
    result in a later Xen crash due to inconsistency (see [1]).
    
    This bug was introduced by the reworking of p2m code in commit 2ef3e36ec7
    "xen/arm: p2m: Introduce p2m_set_entry and __p2m_set_entry".
    
    [1] https://lists.xenproject.org/archives/html/xen-devel/2017-02/msg00524.html
    
    Reported-by: Vijaya Kumar K <Vijaya.Kumar@xxxxxxxxxx>
    Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
    Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
    master commit: cf5e1a74b9687be3d146e59ab10c26be6da9d0d4
    master date: 2017-02-24 09:58:50 +0100
---
 xen/arch/arm/p2m.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
index 9e81048..927c827 100644
--- a/xen/arch/arm/p2m.c
+++ b/xen/arch/arm/p2m.c
@@ -734,6 +734,7 @@ static void p2m_free_entry(struct p2m_domain *p2m,
     unsigned int i;
     lpae_t *table;
     mfn_t mfn;
+    struct page_info *pg;
 
     /* Nothing to do if the entry is invalid. */
     if ( !p2m_valid(entry) )
@@ -771,7 +772,10 @@ static void p2m_free_entry(struct p2m_domain *p2m,
     mfn = _mfn(entry.p2m.base);
     ASSERT(mfn_valid(mfn_x(mfn)));
 
-    free_domheap_page(mfn_to_page(mfn_x(mfn)));
+    pg = mfn_to_page(mfn_x(mfn));
+
+    page_list_del(pg, &p2m->pages);
+    free_domheap_page(pg);
 }
 
 static bool p2m_split_superpage(struct p2m_domain *p2m, lpae_t *entry,
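
Review bot: page_list_del(pg, &p2m->pages) ahead of free_domheap_page(pg) relies on pg still being linked on p2m->pages at this point, and nothing in the hunk states or checks that. A one-line comment above the call, noting that the page list field is shared with the allocator and so the page must be unlinked from p2m->pages before it is freed, would keep a later refactor from dropping or reordering the two calls. Since p2m_free_entry now modifies p2m->pages and the visible context shows no locking or assertion around it, please also confirm that every caller holds the lock that protects that list.
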
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.8

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

