On 05.12.2025 10:31, Roger Pau Monne wrote:
> --- a/xen/arch/x86/mm/p2m.c
> +++ b/xen/arch/x86/mm/p2m.c
> @@ -2007,11 +2007,15 @@ int xenmem_add_to_physmap_one(
> {
> gmfn = idx;
> mfn = get_gfn_unshare(d, gmfn, &p2mt);
> - /* If the page is still shared, exit early */
> - if ( p2m_is_shared(p2mt) )
> + /*
> + * The entry at the destination gfn will be created as type
> p2m_ram_rw.
> + * Only allow moving source gfns with p2m_ram_rw type to avoid
> + * unexpected p2m type changes as a result of the operation.
> + */
> + if ( p2mt != p2m_ram_rw )

As asked before - what about p2m_log_dirty? Imo that needs permitting here
as well. Making it become p2m_ram_rw is "natural", as long as the (new) GFN
is suitably marked dirty (which p2m_add_page() looks to be doing).

> {
> put_gfn(d, gmfn);
> - return -ENOMEM;
> + return -EACCES;
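
Review bot: the new comment above `if ( p2mt != p2m_ram_rw )` explains the type restriction but drops the removed remark that the page can still be shared after get_gfn_unshare(), so a reader no longer sees that a failed unshare also ends up on this error path. Suggest mentioning the still-shared case in the comment, or giving it its own check ahead of the type test so that each exit has a comment matching its error code.
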
Since we tried to unshare, imo ENOMEM should continue to be returned for
p2m_is_shared().

With both changes:
Reviewed-by: Jan Beulich <[email protected]>

Jan