x86: Fix shadow pinning logic (for PV live relo).

From: Tim Deegan <Tim.Deegan@citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset:   16930:193afcdb85b211d72f940e086397490ce72f06e6
xen-unstable date:        Tue Jan 29 11:50:30 2008 +0000

diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c
index 127946d4719ec46c4df3fcf63770b91c7b8cd295..f258d35e8575d25c45796ff08c08131b7f2a492b 100644 (file)
--- a/xen/arch/x86/mm/shadow/multi.c
+++ b/xen/arch/x86/mm/shadow/multi.c
@@ -3476,8 +3476,18 @@ sh_set_toplevel_shadow(struct vcpu *v,
     v->arch.shadow_table[slot] = new_entry;
 
     /* Decrement the refcount of the old contents of this slot */
-    if ( !pagetable_is_null(old_entry) )
-        sh_put_ref(v, pagetable_get_mfn(old_entry), 0);
+    if ( !pagetable_is_null(old_entry) ) {
+        mfn_t old_smfn = pagetable_get_mfn(old_entry);
+        /* Need to repin the old toplevel shadow if it's been unpinned
+         * by shadow_prealloc(): in PV mode we're still running on this
+         * shadow and it's not safe to free it yet. */
+        if ( !mfn_to_shadow_page(old_smfn)->pinned && !sh_pin(v, old_smfn) )
+        {
+            SHADOW_ERROR("can't re-pin %#lx\n", mfn_x(old_smfn));
+            domain_crash(v->domain);
+        }
+        sh_put_ref(v, old_smfn, 0);
+    }
 }