From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Fri, 1 Feb 2019 10:29:16 +0000 (+0100)
Subject: x86/soft-reset: Drop gfn reference after calling get_gfn_query()
X-Git-Tag: RELEASE-4.11.2~103
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=0b2be0bd82b889d71be1c2004fb3099c7dba4c6d;p=people%2Fdwmw2%2Fxen.git

x86/soft-reset: Drop gfn reference after calling get_gfn_query()

get_gfn_query() internally takes the p2m lock, and this error path leaves it
locked.

This wasn't included in XSA-277 because the error path can only be triggered
by a carefully timed phymap operation concurrent with the domain being paused
and the toolstack issuing DOMCTL_soft_reset.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
master commit: e7969e917cef276318f722a607985a2e896aeb94
master date: 2018-11-22 17:58:46 +0000
---

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 5a0f64feaf..b1e50d135d 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -696,7 +696,7 @@ int arch_domain_soft_reset(struct domain *d)
         printk(XENLOG_G_ERR "Failed to get Dom%d's shared_info GFN (%lx)\n",
                d->domain_id, gfn);
         ret = -EINVAL;
-        goto exit_put_page;
+        goto exit_put_gfn;
     }
 
     new_page = alloc_domheap_page(d, 0);