| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Nov 2019 18:00:35 +0100
From: Cédric Le Goater <clg@...d.org>
To: Greg Kurz <groug@...d.org>, Paul Mackerras <paulus@...abs.org>
Cc: Michael Ellerman <mpe@...erman.id.au>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
David Gibson <david@...son.dropbear.id.au>,
Lijun Pan <ljp@...ux.ibm.com>,
Satheesh Rajendran <sathnaga@...ux.vnet.ibm.com>,
Laurent Vivier <lvivier@...hat.com>, kvm-ppc@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org, stable@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/2] KVM: PPC: Book3S HV: XIVE: Fix potential page leak
on error path
On 13/11/2019 17:46, Greg Kurz wrote:
> We need to check the host page size is big enough to accomodate the
> EQ. Let's do this before taking a reference on the EQ page to avoid
> a potential leak if the check fails.
>
> Cc: stable@...r.kernel.org # v5.2
> Fixes: 13ce3297c576 ("KVM: PPC: Book3S HV: XIVE: Add controls for the EQ configuration")
> Signed-off-by: Greg Kurz <groug@...d.org>
Reviewed-by: Cédric Le Goater <clg@...d.org>
> ---
> arch/powerpc/kvm/book3s_xive_native.c | 13 +++++++------
> 1 file changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/arch/powerpc/kvm/book3s_xive_native.c b/arch/powerpc/kvm/book3s_xive_native.c
> index 0e1fc5a16729..d83adb1e1490 100644
> --- a/arch/powerpc/kvm/book3s_xive_native.c
> +++ b/arch/powerpc/kvm/book3s_xive_native.c
> @@ -630,12 +630,6 @@ static int kvmppc_xive_native_set_queue_config(struct kvmppc_xive *xive,
>
> srcu_idx = srcu_read_lock(&kvm->srcu);
> gfn = gpa_to_gfn(kvm_eq.qaddr);
> - page = gfn_to_page(kvm, gfn);
> - if (is_error_page(page)) {
> - srcu_read_unlock(&kvm->srcu, srcu_idx);
> - pr_err("Couldn't get queue page %llx!\n", kvm_eq.qaddr);
> - return -EINVAL;
> - }
>
> page_size = kvm_host_page_size(kvm, gfn);
> if (1ull << kvm_eq.qshift > page_size) {
> @@ -644,6 +638,13 @@ static int kvmppc_xive_native_set_queue_config(struct kvmppc_xive *xive,
> return -EINVAL;
> }
>
> + page = gfn_to_page(kvm, gfn);
> + if (is_error_page(page)) {
> + srcu_read_unlock(&kvm->srcu, srcu_idx);
> + pr_err("Couldn't get queue page %llx!\n", kvm_eq.qaddr);
> + return -EINVAL;
> + }
> +
> qaddr = page_to_virt(page) + (kvm_eq.qaddr & ~PAGE_MASK);
> srcu_read_unlock(&kvm->srcu, srcu_idx);
>
>
Powered by blists - more mailing lists