Comment 23 for bug 705562

Stefan Bader (smb) wrote :

I fear just installing those won't help me that much as long as there is nothing that is really done. OK, I hope this will work as intended. The problem is that while it is clear that the pointer used to call the destructor in free_hot_cold_page() is wrong, it does not help much in explaining how things got there.

Looking at the code there are only about four places that use this foreign page flag: gnttab, netback, pageattr_64-xen and pgtable_32-xen. Now netback should not be used as we are domU, and pageattr_64 should not matter as the instance is 32bit. Not really sure about gnttab. But there are other places using page->index and maybe something goes wrong there (though the likely candidate pgtable_32 only uses the flag for pte pages and those should not get used otherwise).

So what I did is to rename the element index of the page structure and convert all users to do that indirectly through function calls. Then to have an independent element to additionally store the destructor and finally a check, whenever index is set, whether this would compromise the destructor.

I added v2 kernel images to my people page. If things go as I hope, those should emit a warning whenever the destructor seems to get overwritten. Probably still leading to a crash later because the page should not have had a destructor at all... Unfortunately I cannot verify whether I did it right as I cannot trigger the problem.
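The following is an added, simplified C model of the debugging approach described in the comment above; it is not Stefan's patch or any kernel code. It assumes the situation the comment describes: a page carrying a "foreign" flag stores its destructor pointer in the slot that is otherwise page->index, and the free path calls whatever it finds there. The field is renamed so every user must go through an accessor, an independent element additionally records the destructor, and the index setter warns when a store would clobber it. All names (PG_FOREIGN, set_page_index, free_page_model, the 0x1234 index value) are illustrative.

```c
#include <stdio.h>
#include <stdbool.h>

/*
 * Constructed model (not kernel code) of the scheme in the comment:
 * when PG_FOREIGN is set, page->index carries a destructor pointer.
 * The index slot is renamed so direct "page->index = x" no longer
 * compiles, an independent copy of the destructor is kept, and the
 * setter for index checks whether a store would overwrite it.
 */

struct page;
typedef void (*page_destructor_t)(struct page *);

#define PG_FOREIGN 0x1UL   /* illustrative flag bit */

struct page {
    unsigned long flags;
    unsigned long _index;          /* renamed: formerly page->index */
    page_destructor_t destructor;  /* added: independent copy of the destructor */
};

static int clobber_warnings;       /* number of warnings emitted by the check */

static inline bool PageForeign(const struct page *p)
{
    return (p->flags & PG_FOREIGN) != 0;
}

static inline unsigned long page_index(const struct page *p)
{
    return p->_index;
}

/* Every former "page->index = x" becomes a call to this function. */
static inline void set_page_index(struct page *p, unsigned long idx)
{
    if (PageForeign(p) && p->destructor &&
        (unsigned long)p->destructor != idx) {
        clobber_warnings++;
        fprintf(stderr,
                "WARNING: page %p: index store %#lx would overwrite destructor %#lx\n",
                (void *)p, idx, (unsigned long)p->destructor);
    }
    p->_index = idx;
}

/* Registers a destructor: sets the flag and records it in both places. */
static inline void set_page_destructor(struct page *p, page_destructor_t d)
{
    p->flags |= PG_FOREIGN;
    p->destructor = d;
    p->_index = (unsigned long)d;  /* legacy encoding still lives in index */
}

static int destructor_calls;

static void sample_destructor(struct page *p)
{
    (void)p;
    destructor_calls++;
}

/*
 * Model of the free path: a foreign page's destructor is fetched from the
 * index slot.  Before calling it, cross-check against the independent copy
 * and return -1 instead of jumping through a bogus pointer.
 */
static int free_page_model(struct page *p)
{
    if (!PageForeign(p))
        return 0;                  /* ordinary page: nothing to call */
    page_destructor_t d = (page_destructor_t)page_index(p);
    if (d != p->destructor) {
        fprintf(stderr, "BUG: page %p: destructor slot %#lx != recorded %#lx\n",
                (void *)p, (unsigned long)d, (unsigned long)p->destructor);
        return -1;
    }
    d(p);
    return 1;
}

/* Scenario 1: a foreign page freed normally; returns 1 if the destructor ran once. */
int scenario_clean(void)
{
    struct page pg = {0};
    destructor_calls = 0;
    set_page_destructor(&pg, sample_destructor);
    int rc = free_page_model(&pg);
    return rc == 1 && destructor_calls == 1;
}

/* Scenario 2: some path stores an index into a foreign page (the suspected bug).
 * Returns 1 if the setter warned once and the free path refused the bogus pointer. */
int scenario_clobbered(void)
{
    struct page pg = {0};
    clobber_warnings = 0;
    set_page_destructor(&pg, sample_destructor);
    set_page_index(&pg, 0x1234);   /* constructed bogus index value */
    int rc = free_page_model(&pg);
    return clobber_warnings == 1 && rc == -1;
}

int main(void)
{
    printf("clean: %d\nclobbered: %d\n", scenario_clean(), scenario_clobbered());
    return 0;
}
```

The point of keeping the legacy encoding in the index slot alongside the independent copy is that the warning fires at the moment of the stray store, naming the page, while the free path's cross-check turns a later wild jump into a diagnosable mismatch. In a real kernel the comparison would sit where free_hot_cold_page() reads the destructor.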