debuggers.hg

changeset 20651:8f304c003af4

x86-32/pod: fix map_domain_page() leak

The 'continue' in the if() part of the conditional at the end of
p2m_pod_zero_check() was causing this, but there also really is no
point in retaining the mapping after having checked page contents,
so fix it both ways. Additionally there is no point in updating
map[] at this point anymore.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Dec 09 10:59:31 2009 +0000 (2009-12-09)
parents d820a6b813db
children 295e77eed8c9
files xen/arch/x86/mm/p2m.c
line diff
     1.1 --- a/xen/arch/x86/mm/p2m.c	Wed Dec 09 10:58:52 2009 +0000
     1.2 +++ b/xen/arch/x86/mm/p2m.c	Wed Dec 09 10:59:31 2009 +0000
     1.3 @@ -898,12 +898,13 @@ p2m_pod_zero_check(struct domain *d, uns
     1.4              if( *(map[i]+j) != 0 )
     1.5                  break;
     1.6  
     1.7 +        unmap_domain_page(map[i]);
     1.8 +
     1.9          /* See comment in p2m_pod_zero_check_superpage() re gnttab
    1.10           * check timing.  */
    1.11          if ( j < PAGE_SIZE/sizeof(*map[i]) )
    1.12          {
    1.13              set_p2m_entry(d, gfns[i], mfns[i], 0, types[i]);
    1.14 -            continue;
    1.15          }
    1.16          else
    1.17          {
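Review bot: after the new `unmap_domain_page(map[i]);` ahead of the gnttab comment, map[i] is a stale pointer for the rest of the iteration, yet the very next test still names it in `j < PAGE_SIZE/sizeof(*map[i])`. That is safe only because sizeof does not evaluate its operand. I would either add a one-line comment saying map[i] must not be dereferenced past the unmap, or express the bound without referring to the unmapped pointer, so that a later edit to either branch cannot turn this into a use of an unmapped page. Moving the unmap above the branch does cover both paths, which is what makes dropping the `continue` safe here.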
    1.18 @@ -911,9 +912,6 @@ p2m_pod_zero_check(struct domain *d, uns
    1.19              p2m_pod_cache_add(d, mfn_to_page(mfns[i]), 0);
    1.20              d->arch.p2m->pod.entry_count++;
    1.21          }
    1.22 -
    1.23 -        unmap_domain_page(map[i]);
    1.24 -        map[i] = NULL;
    1.25      }
    1.26      
    1.27  }
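Review bot: dropping `map[i] = NULL;` at the end of the loop body leaves every map[] slot holding the address of a mapping that has already been released. The visible lines show the loop and the function closing right after, so nothing reads those slots today, but the assignment is cheap and would make any access added later fail on a NULL pointer instead of touching a recycled mapping. I would keep it next to the relocated unmap in the first hunk, or at least note in a comment at the unmap that map[] contents are invalid from that point on.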