summaryrefslogtreecommitdiff
path: root/crypto/crc32c_generic.c
diff options
context:
space:
mode:
authorQuentin Casasnovas <quentin.casasnovas@oracle.com>2014-10-18 00:55:59 +0400
committerPaolo Bonzini <pbonzini@redhat.com>2014-10-24 15:30:37 +0400
commit3d32e4dbe71374a6780eaf51d719d76f9a9bf22f (patch)
tree977b69a4db7362325a5fda148ba2e43e2a8e07df /crypto/crc32c_generic.c
parent3f6f1480d86bf9fc16c160d803ab1d006e3058d5 (diff)
downloadlinux-3d32e4dbe71374a6780eaf51d719d76f9a9bf22f.tar.xz
kvm: fix excessive pages un-pinning in kvm_iommu_map error path.
The third parameter of kvm_unpin_pages() when called from kvm_iommu_map_pages() is wrong, it should be the number of pages to un-pin and not the page size. This error was facilitated with an inconsistent API: kvm_pin_pages() takes a size, but kvn_unpin_pages() takes a number of pages, so fix the problem by matching the two. This was introduced by commit 350b8bd ("kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)"), which fixes the lack of un-pinning for pages intended to be un-pinned (i.e. memory leak) but unfortunately potentially aggravated the number of pages we un-pin that should have stayed pinned. As far as I understand though, the same practical mitigations apply. This issue was found during review of Red Hat 6.6 patches to prepare Ksplice rebootless updates. Thanks to Vegard for his time on a late Friday evening to help me in understanding this code. Fixes: 350b8bd ("kvm: iommu: fix the third parameter of... (CVE-2014-3601)") Cc: stable@vger.kernel.org Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jamie Iles <jamie.iles@oracle.com> Reviewed-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'crypto/crc32c_generic.c')
0 files changed, 0 insertions, 0 deletions