From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Subject: [PATCH 3 of 3] x86/mm: Fix checks during foreign
 mapping of paged pages
Date: Thu, 01 Dec 2011 11:21:47 -0500
Message-ID: <2372d2bf76b563a63ed0.1322756507@xdev.gridcentric.ca>
References: <patchbomb.1322756504@xdev.gridcentric.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <patchbomb.1322756504@xdev.gridcentric.ca>
List-Unsubscribe: <http://lists.xensource.com/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: xen-devel@lists.xensource.com
Cc: andres@gridcentric.ca, keir.xen@gmail.com, tim@xen.org, JBeulich@suse.com, adin@gridcentric.ca
List-Id: xen-devel@lists.xenproject.org

 xen/arch/x86/mm.c |  12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)


Check that the valid mfn is the one we are mapping, not the
mfn of the page table of the foreign domain.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>

diff -r 4e0c533a3e1d -r 2372d2bf76b5 xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3572,7 +3572,8 @@ int do_mmu_update(
                         rc = -ENOENT;
                         break;
                     }
-                    else if ( p2m_ram_paging_in_start == l1e_p2mt && !mfn_valid(mfn) )
+                    else if ( p2m_ram_paging_in_start == l1e_p2mt && 
+                                !mfn_valid(l1emfn) )
                     {
                         put_gfn(pg_owner, l1egfn);
                         rc = -ENOENT;
@@ -3620,7 +3621,8 @@ int do_mmu_update(
                         rc = -ENOENT;
                         break;
                     }
-                    else if ( p2m_ram_paging_in_start == l2e_p2mt && !mfn_valid(mfn) )
+                    else if ( p2m_ram_paging_in_start == l2e_p2mt && 
+                                !mfn_valid(l2emfn) )
                     {
                         put_gfn(pg_owner, l2egfn);
                         rc = -ENOENT;
@@ -3654,7 +3656,8 @@ int do_mmu_update(
                         rc = -ENOENT;
                         break;
                     }
-                    else if ( p2m_ram_paging_in_start == l3e_p2mt && !mfn_valid(mfn) )
+                    else if ( p2m_ram_paging_in_start == l3e_p2mt && 
+                                !mfn_valid(l3emfn) )
                     {
                         put_gfn(pg_owner, l3egfn);
                         rc = -ENOENT;
@@ -3688,7 +3691,8 @@ int do_mmu_update(
                         rc = -ENOENT;
                         break;
                     }
-                    else if ( p2m_ram_paging_in_start == l4e_p2mt && !mfn_valid(mfn) )
+                    else if ( p2m_ram_paging_in_start == l4e_p2mt && 
+                                !mfn_valid(l4emfn) )
                     {
                         put_gfn(pg_owner, l4egfn);
                         rc = -ENOENT;