From: kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Date: Tue, 30 May 2006 17:14:05 +0000 (+0100)
Subject: Fix infinite recursion loop in get_page_type() error path.
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=1a732928d3d0e10e98345a441410ba061ef155a0;p=people%2Fvhanquez%2Fxen.git

Fix infinite recursion loop in get_page_type() error path.
Signed-off-by: Keir Fraser <keir@xensource.com>
xen-unstable changeset:   10183:c43080e63545c2c9ba101fd8864b5aacc5d666e2
xen-unstable date:        Tue May 30 18:11:34 2006 +0100
---

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 564d7e6f9..63292be3f 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -1497,12 +1497,18 @@ int get_page_type(struct page_info *page, unsigned long type)
             {
                 if ( unlikely((x & PGT_type_mask) != (type & PGT_type_mask) ) )
                 {
-                    if ( current->domain == page_get_owner(page) )
+                    if ( (current->domain == page_get_owner(page)) &&
+                         ((x & PGT_type_mask) == PGT_writable_page) )
                     {
                         /*
                          * This ensures functions like set_gdt() see up-to-date
                          * type info without needing to clean up writable p.t.
-                         * state on the fast path.
+                         * state on the fast path. We take this path only
+                         * when the current type is writable because:
+                         *  1. It's the only type that this path can decrement.
+                         *  2. If we take this path more liberally then we can
+                         *     enter a recursive loop via get_page_from_l1e()
+                         *     during pagetable revalidation.
                          */
                         LOCK_BIGLOCK(current->domain);
                         cleanup_writable_pagetable(current->domain);