memory: exit early from memory_exchange() upon write-back error

There's no point in continuing if in the end we'll return -EFAULT
anyway. It also seems wrong to report a chunk for which at least one
write-back failed as successfully exchanged (albeit the indication of
an error is also not fully correct, as the exchange happened in that
case at least partially - retrieving the GFN to assign the memory to
and/or handing back the information on the replacement memory didn't
work). In any case limiting the amount of damage done to the guest
can't be all that bad an idea.

Reported-by: Jann Horn <jannh@xxxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
I'm additionally surprised we don't require input GFNs to be order
aligned for both IN- and OUT-chunks (similarly for populate-physmap
and decrease-reservation).

--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -639,6 +639,9 @@ static long memory_exchange(XEN_GUEST_HA
             }
         }
         BUG_ON( !(d->is_dying) && (j != (1UL << out_chunk_order)) );
+
+        if ( rc )
+            goto fail;
     }
 
     exch.nr_exchanged = exch.in.nr_extents;