From mboxrd@z Thu Jan 1 00:00:00 1970 From: Olaf Hering Subject: [PATCH] do_memory_op: cleanup if copy_to_guest fails Date: Thu, 16 Dec 2010 18:59:10 +0100 Message-ID: <20101216175910.GA24006@aepfle.de> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Return-path: Content-Disposition: inline List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org Undo the page allocation in the ulikely event the copy_to_guest fails. Signed-off-by: Olaf Hering --- I have not exercised this code path, it was found during code inspection in 4.0 xen/common/memory.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- xen-unstable.hg-4.1.22548.orig/xen/common/memory.c +++ xen-unstable.hg-4.1.22548/xen/common/memory.c @@ -82,7 +82,10 @@ static void increase_reservation(struct { mfn = page_to_mfn(page); if ( unlikely(__copy_to_guest_offset(a->extent_list, i, &mfn, 1)) ) + { + free_domheap_pages(page, a->extent_order); goto out; + } } } @@ -144,7 +147,13 @@ static void populate_physmap(struct memo /* Inform the domain of the new page's machine address. */ if ( unlikely(__copy_to_guest_offset(a->extent_list, i, &mfn, 1)) ) + { + for ( j = 0; j < (1 << a->extent_order); j++ ) + set_gpfn_from_mfn(mfn + j, INVALID_M2P_ENTRY); + guest_physmap_remove_page(d, gpfn, mfn, a->extent_order); + free_domheap_pages(page, a->extent_order); goto out; + } } } }