[xen master] x86/p2m: fix xenmem_add_to_physmap_one double page removal

[patchbot@xxxxxxx]

commit 3e910b648b99393561e7c523756c1ea49a6c1305
Author:     Roger Pau Monné <roger.pau@xxxxxxxxxx>
AuthorDate: Wed Sep 15 15:13:14 2021 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Sep 15 15:13:14 2021 +0200

    x86/p2m: fix xenmem_add_to_physmap_one double page removal
    
    If the new gfn matches the previous one (ie: gpfn == old_gpfn)
    xenmem_add_to_physmap_one will issue a duplicated call to
    guest_physmap_remove_page with the same guest frame number, because
    the get_gpfn_from_mfn call has been moved by commit f8582da041 to be
    performed before the original page is removed. This leads to the
    second guest_physmap_remove_page failing, which was not the case
    before commit f8582da041.
    
    Fix this by adding a check that prevents a second call to
    guest_physmap_remove_page if the previous one has already removed the
    backing page from that gfn.
    
    Fixes: f8582da041 ('x86/mm: pull a sanity check earlier in 
xenmem_add_to_physmap_one()')
    Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/arch/x86/mm/p2m.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 674a6f4fe9..2bd4d37286 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -2813,7 +2813,7 @@ int xenmem_add_to_physmap_one(
     }
 
     /* Unmap from old location, if any. */
-    if ( !rc && old_gpfn != INVALID_M2P_ENTRY )
+    if ( !rc && old_gpfn != INVALID_M2P_ENTRY && !gfn_eq(_gfn(old_gpfn), gpfn) 
)
         rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K);
 
     /* Map at new location. */
--
generated by git-patchbot for /home/xen/git/xen.git#master