* [PATCH] kvm:iommu: fix the third parameter of kvm_iommu_put_pages
@ 2014-08-19 11:14 zhanghailiang
2014-08-19 13:00 ` Paolo Bonzini
0 siblings, 1 reply; 2+ messages in thread
From: zhanghailiang @ 2014-08-19 11:14 UTC (permalink / raw)
To: kvm; +Cc: pbonzini, gleb, peter.huangpeng, luonengjun, zhanghailiang
The third parameter of kvm_iommu_put_pages is wrong,
It should be 'gfn-slot->base_gfn'
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
---
virt/kvm/iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
index 0df7d4b..c02f9a3 100644
--- a/virt/kvm/iommu.c
+++ b/virt/kvm/iommu.c
@@ -134,7 +134,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
return 0;
unmap_pages:
- kvm_iommu_put_pages(kvm, slot->base_gfn, gfn);
+ kvm_iommu_put_pages(kvm, slot->base_gfn, gfn - slot->base_gfn);
return r;
}
--
1.7.12.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] kvm:iommu: fix the third parameter of kvm_iommu_put_pages
2014-08-19 11:14 [PATCH] kvm:iommu: fix the third parameter of kvm_iommu_put_pages zhanghailiang
@ 2014-08-19 13:00 ` Paolo Bonzini
0 siblings, 0 replies; 2+ messages in thread
From: Paolo Bonzini @ 2014-08-19 13:00 UTC (permalink / raw)
To: zhanghailiang, kvm; +Cc: gleb, peter.huangpeng, luonengjun, Michael S. Tsirkin
Il 19/08/2014 13:14, zhanghailiang ha scritto:
> The third parameter of kvm_iommu_put_pages is wrong,
> It should be 'gfn-slot->base_gfn'
This fixes a crash, doesn't it? Please mention it in the commit
message, because we have to assign a CVE for this kind of issue. It
will be CVE-2014-3601.
I have learnt about this crash last week from Michael Tsirkin, whose
patch also had the following hunk:
diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
index 0df7d4b34dfe..1e458a7d96f1 100644
--- a/virt/kvm/iommu.c
+++ b/virt/kvm/iommu.c
@@ -123,6 +123,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct
kvm_memory_slot *slot)
if (r) {
printk(KERN_ERR "kvm_iommu_map_address:"
"iommu failed to map pfn=%llx\n", pfn);
+ kvm_unpin_pages(kvm, pfn, page_size);
goto unmap_pages;
}
So I'm going to apply his instead.
Thanks for the report,
Paolo
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
> virt/kvm/iommu.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
> index 0df7d4b..c02f9a3 100644
> --- a/virt/kvm/iommu.c
> +++ b/virt/kvm/iommu.c
> @@ -134,7 +134,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
> return 0;
>
> unmap_pages:
> - kvm_iommu_put_pages(kvm, slot->base_gfn, gfn);
> + kvm_iommu_put_pages(kvm, slot->base_gfn, gfn - slot->base_gfn);
> return r;
> }
>
>
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-08-19 13:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-19 11:14 [PATCH] kvm:iommu: fix the third parameter of kvm_iommu_put_pages zhanghailiang
2014-08-19 13:00 ` Paolo Bonzini
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.