xen: execve's error paths don't pin the mm before unpinning

execve's error paths don't activate (and therefore pin) the mm before
calling exit_mmap to free it up, so don't try to unpin unless it is
actually pinned.  This prevents a BUG_ON from triggering.

Signed-off-by: Jeremy Fitzhardinge <[email protected]>
Cc: Christian Ostheimer <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

diff --git a/arch/i386/xen/mmu.c b/arch/i386/xen/mmu.c
index 4ae038aa6c244b91ac0d244f84c62ade47fee424..874db0cd1d2a5f6fc1c9f9a172863edb9c260339 100644 (file)
--- a/arch/i386/xen/mmu.c
+++ b/arch/i386/xen/mmu.c
@@ -559,6 +559,9 @@ void xen_exit_mmap(struct mm_struct *mm)
        put_cpu();
 
        spin_lock(&mm->page_table_lock);
-       xen_pgd_unpin(mm->pgd);
+
+       /* pgd may not be pinned in the error exit path of execve */
+       if (PagePinned(virt_to_page(mm->pgd)))
+               xen_pgd_unpin(mm->pgd);
        spin_unlock(&mm->page_table_lock);
 }