There are cases where pages can get freed with free_heap_pages() when in fact they were never properly initialised in the heap — they may have been allocated from the boot allocator, simply assigned directly to dom0 as part of its initrd, etc.

We have plans to make vmap available during early boot, which would exacerbate this situation a tiny bit more, as a few more page tables would stand a small chance of being allocated by the boot allocator and freed later.

Resolve this by introducing a new page state, PGC_state_uninitialised, expanding the PGC_state to 3 bits (8 possible values) by subsuming the PGC_broken bit into it and eliminating the redundant possible combinations of PGC_broken and various states.

Pages which find their way into free_heap_pages() while still in PGC_state_uninitialised can thus be detected and properly rehabilitated, basically by passing them through init_heap_pages().

David Woodhouse (2):
  xen/mm: fold PGC_broken into PGC_state bits
  xen/mm: Introduce PGC_state_uninitialised

 xen/arch/x86/domctl.c    |   2 +-
 xen/arch/x86/mm.c        |   3 +-
 xen/common/page_alloc.c  | 110 +++++++++++++++++++++++++++++------------------
 xen/include/asm-arm/mm.h |  39 +++++++++++------
 xen/include/asm-x86/mm.h |  37 +++++++++++----
 5 files changed, 125 insertions(+), 66 deletions(-)
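The following is an added toy model of the scheme the cover letter describes, not code from the series or from Xen: a 3-bit state field in count_info where "broken" is one state value rather than an independent flag, and a free path that detects pages still marked uninitialised and routes them through init_heap_pages(). The bit position, the state numbering and the simplified state transitions are constructed for the illustration.

```c
/* Added illustration, not Xen code. Models a 3-bit PGC_state field with
 * PGC_state_uninitialised and the rehabilitation in the free path. */
#include <stdint.h>
#include <stdio.h>

#define PGC_state_shift  4ul                        /* constructed position */
#define PGC_state_mask   (7ul << PGC_state_shift)    /* 3 bits: 8 values */
#define PGC_state(n)     ((unsigned long)(n) << PGC_state_shift)

/* Hypothetical state values: one value per state, so "broken" can no
 * longer combine with every other state as a separate flag could. */
#define PGC_state_inuse          PGC_state(0)
#define PGC_state_free           PGC_state(1)
#define PGC_state_offlined       PGC_state(2)
#define PGC_state_broken         PGC_state(3)
#define PGC_state_uninitialised  PGC_state(4)

struct page_info { unsigned long count_info; };

static unsigned long page_state(const struct page_info *pg)
{
    return pg->count_info & PGC_state_mask;
}

static void set_state(struct page_info *pg, unsigned long st)
{
    /* Replace only the state bits; other count_info bits are preserved. */
    pg->count_info = (pg->count_info & ~PGC_state_mask) | st;
}

/* Model of init_heap_pages(): bring pages into the heap as free pages. */
static void init_heap_pages(struct page_info *pg, unsigned long n)
{
    for (unsigned long i = 0; i < n; i++)
        set_state(&pg[i], PGC_state_free);
}

/* Model of free_heap_pages(): uninitialised pages are handed to
 * init_heap_pages() instead; only in-use pages may be freed directly.
 * Returns the number of pages rehabilitated, or -1 on a bad state. */
static int free_heap_pages(struct page_info *pg, unsigned long n)
{
    int rehabilitated = 0;
    for (unsigned long i = 0; i < n; i++) {
        unsigned long st = page_state(&pg[i]);
        if (st == PGC_state_uninitialised) { init_heap_pages(&pg[i], 1); rehabilitated++; continue; }
        if (st != PGC_state_inuse) return -1;
        set_state(&pg[i], PGC_state_free);
    }
    return rehabilitated;
}
```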