From 10ffcd2276e68ffa2609d0f823fe368728e30d41 Mon Sep 17 00:00:00 2001
From: Shriram Rajagopalan
Date: Thu, 3 Mar 2011 16:55:27 +0000
Subject: [PATCH] libxc: fix incorrect scanning of pfn array in pagebuf during migration
xc_domain_restore.c:apply_batch function makes two passes over the pfn_types array in pagebuf to allocate the needed MFNs. The curbatch parameter to this function specifies the array offset in pfn_types, from where the current scan should begin. But this variable is not taken into account (index always starts at 0) during the two passes. While this [bug] does not manifest itsef during save/restore or live migration, under Remus, xc_domain_restore fails due to corrupt guest page tables. (This appears to have been broken by 21588:6c3d8aec202d which reverted two changesets from before Remus support was added and hence reintroduced some none-Remus compatible bits.)
Signed-off-by: Shriram Rajagopalan
Acked-by: Ian Campbell
Acked-by: Ian Jackson
Committed-by: Ian Jackson
---
 tools/libxc/xc_domain_restore.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/libxc/xc_domain_restore.c b/tools/libxc/xc_domain_restore.c
index eb9eee300..34f97b617 100644
--- a/tools/libxc/xc_domain_restore.c
+++ b/tools/libxc/xc_domain_restore.c
@@ -907,8 +907,8 @@ static int apply_batch(xc_interface *xch, uint32_t dom, struct restore_ctx *ctx,
 for ( i = 0; i < j; i++ ) { unsigned long pfn, pagetype;
- pfn = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
- pagetype = pagebuf->pfn_types[i] & XEN_DOMCTL_PFINFO_LTAB_MASK;
+ pfn = pagebuf->pfn_types[i + curbatch] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
+ pagetype = pagebuf->pfn_types[i + curbatch] & XEN_DOMCTL_PFINFO_LTAB_MASK;
 if ( (pagetype != XEN_DOMCTL_PFINFO_XTAB) && (ctx->p2m[pfn] == INVALID_P2M_ENTRY) )
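Review bot: `pfn` is masked out of `pagebuf->pfn_types[i + curbatch]` and then used directly as the index in `ctx->p2m[pfn]` in the condition that follows, with no range check visible in this hunk. If pfn_types is filled from the incoming migration stream, as the commit message suggests, a corrupted or malformed stream could make that lookup read outside the p2m array; the second loop at -934 extracts pfn the same way. A guard ahead of the test, `if ( pfn >= P2M_SIZE_PLACEHOLDER )` followed by the function's existing error path (the placeholder standing for whatever bound the file keeps for ctx->p2m), would make the restore fail cleanly instead. apply_batch begins and ends outside the hunk, so a check earlier in the function cannot be ruled out from here.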
@@ -934,8 +934,8 @@ static int apply_batch(xc_interface *xch, uint32_t dom, struct restore_ctx *ctx,
 for ( i = 0; i < j; i++ ) { unsigned long pfn, pagetype;
- pfn = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
- pagetype = pagebuf->pfn_types[i] & XEN_DOMCTL_PFINFO_LTAB_MASK;
+ pfn = pagebuf->pfn_types[i + curbatch] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
+ pagetype = pagebuf->pfn_types[i + curbatch] & XEN_DOMCTL_PFINFO_LTAB_MASK;
 if ( pagetype == XEN_DOMCTL_PFINFO_XTAB ) region_mfn[i] = ~0UL; /* map will fail but we don't care */
--
2.39.5
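Review bot: After this change pfn_types is read at `i + curbatch` while `region_mfn[i]` two lines later is still indexed by `i` alone, and neither hunk shows that `curbatch + j` stays within the number of entries held in pagebuf. The mixed indexing is only right if region_mfn is a per-batch array, which deserves a comment such as `/* pfn_types is indexed from the start of pagebuf; region_mfn is per-batch, so it uses i, not i + curbatch */`. Taking a local pointer to `&pagebuf->pfn_types[curbatch]` once at the top of apply_batch and indexing it with `i` in both loops would keep the offset from being dropped again, which the commit message says already happened once through a revert. The function starts and ends outside the hunk, so the bound on `j` may already be enforced where it is computed.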