Not passing P2M_UNSHARE to get_page_from_gfn() means there won't even be an attempt to unshare the referenced page, without any indication to the caller (e.g. -EAGAIN). Note that guests have no direct control over which of their pages are shared (or paged out), and hence they have no way to make sure all on their own that the subsequent obtaining of a writable type reference can actually succeed.
Signed-off-by: Jan Beulich <[email protected]> --- Really I wonder whether the function wouldn't better use check_get_page_from_gfn() _and_ permit p2m_ram_rw only. Otoh the P2M type is stale by the time it is being looked at, so all depends on the subsequent obtaining of a writable type reference anyway ... A similar issue then apparently exists in guest_wrmsr_xen() when writing the hypercall page. Interestingly there p2m_is_paging() is being checked for (but shared pages aren't). --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1484,7 +1484,7 @@ int map_vcpu_info(struct vcpu *v, unsign if ( (v != current) && !(v->pause_flags & VPF_down) ) return -EINVAL; - page = get_page_from_gfn(d, gfn, NULL, P2M_ALLOC); + page = get_page_from_gfn(d, gfn, NULL, P2M_UNSHARE); if ( !page ) return -EINVAL;
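Review bot: the hunk swaps P2M_ALLOC for P2M_UNSHARE rather than OR-ing the two, so please confirm that P2M_UNSHARE still implies the populate-on-demand/paged-out handling P2M_ALLOC gave on every architecture that builds xen/common/domain.c; if it does, a short remark in the description would save the next reader the same check. The error path is also unchanged: `if ( !page ) return -EINVAL;` now covers a failed unshare as well as a plain lookup failure, so the caller still gets no distinct indication (the -EAGAIN the description mentions); if that is intentional, it is worth stating in the commit message, and the guest_wrmsr_xen() case noted above the diff looks like a candidate for a follow-up patch rather than being left only in the cover note.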
