From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jan Kiszka Subject: Re: [PATCH] intel-iommu: Fix use after release during device attach Date: Fri, 10 Dec 2010 09:36:07 +0100 Message-ID: <4D01E677.5070702@siemens.com> References: <4CCFB84F.6050102@web.de> <201011021531.22886.sheng@linux.intel.com> <4CDFA96D.1060301@web.de> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Linux Kernel Mailing List , kvm , Avi Kivity , Marcelo Tosatti , iommu@lists.linux-foundation.org To: Sheng Yang , David Woodhouse Return-path: In-Reply-To: <4CDFA96D.1060301@web.de> Sender: linux-kernel-owner@vger.kernel.org List-Id: kvm.vger.kernel.org Am 14.11.2010 10:18, Jan Kiszka wrote: > Am 02.11.2010 08:31, Sheng Yang wrote: >> On Tuesday 02 November 2010 15:05:51 Jan Kiszka wrote: >>> From: Jan Kiszka >>> >>> Obtail the new pgd pointer before releasing the page containing this >>> value. >>> >>> Signed-off-by: Jan Kiszka >>> --- >>> >>> Who is taking care of this? The kvm tree? >>> >>> drivers/pci/intel-iommu.c | 2 +- >>> 1 files changed, 1 insertions(+), 1 deletions(-) >>> >>> diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c >>> index 4789f8e..35463dd 100644 >>> --- a/drivers/pci/intel-iommu.c >>> +++ b/drivers/pci/intel-iommu.c >>> @@ -3627,9 +3627,9 @@ static int intel_iommu_attach_device(struct >>> iommu_domain *domain, >>> >>> pte = dmar_domain->pgd; >>> if (dma_pte_present(pte)) { >>> - free_pgtable_page(dmar_domain->pgd); >>> dmar_domain->pgd = (struct dma_pte *) >>> phys_to_virt(dma_pte_addr(pte)); >>> + free_pgtable_page(pte); >>> } >>> dmar_domain->agaw--; >>> } >> >> Reviewed-by: Sheng Yang >> >> CC iommu mailing list and David. > > Ping... > > I think this fix also qualifies for stable (.35 and .36). > Still not merged? Jan -- Siemens AG, Corporate Technology, CT T DE IT 1 Corporate Competence Center Embedded Linux