From: Jan Beulich Date: Tue, 26 Nov 2019 13:17:11 +0000 (+0100) Subject: x86/p2m-pt: fix (latent) page table mapping leak on do_recalc() error paths X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=3f1a53bef84fca5ffb4178638db14c747231851f;p=people%2Fsstabellini%2Fxen-unstable.git%2F.git x86/p2m-pt: fix (latent) page table mapping leak on do_recalc() error paths There are two mappings active in the middle of do_recalc(), and hence commit 0d0f4d78e5d1 ("p2m: change write_p2m_entry to return an error code") should have added (or otherwise invoked) unmapping code just like it did in p2m_next_level(), despite us not expecting any errors here. Arrange for the existing unmap invocation to take effect in all cases. Signed-off-by: Jan Beulich Reviewed-by: George Dunlap Release-acked-by: Juergen Gross --- diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 4491079019..eb66077496 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -391,21 +391,22 @@ static int do_recalc(struct p2m_domain *p2m, unsigned long gfn) if ( err ) { ASSERT_UNREACHABLE(); - goto out; + break; } } remainder -= 1UL << ((level - 1) * PAGETABLE_ORDER); } smp_wmb(); - clear_recalc(l1, e); - err = p2m->write_p2m_entry(p2m, gfn, pent, e, level + 1); - if ( err ) + if ( !err ) { - ASSERT_UNREACHABLE(); - goto out; + clear_recalc(l1, e); + err = p2m->write_p2m_entry(p2m, gfn, pent, e, level + 1); + ASSERT(!err); } } unmap_domain_page((void *)((unsigned long)pent & PAGE_MASK)); + if ( unlikely(err) ) + goto out; } pent = p2m_find_entry(table, &gfn_remainder, gfn,
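Review bot: the new deferred exit, "if ( unlikely(err) ) goto out;" placed right after unmap_domain_page(), should carry a short comment saying that err is deliberately checked only at this point so the pent mapping is released on every path. Nothing in the code says so at the moment, and a later change could put an early "goto out" back inside the block and reintroduce the leak. Two smaller points on the same hunk. The "break" that replaces the first "goto out" is only correct if it sits directly in the loop that closes after the "remainder -= ..." line; that loop's header is outside the visible context, so it is worth confirming that no inner loop or switch encloses it. Also, smp_wmb() now runs on the error path before the "if ( !err )" block, which looks harmless but is a behaviour change the commit message does not mention.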