Re: [PATCH 13/14] kvm: fix excessive pages un-pinning in kvm_iommu_map error path.

[Quentin Casasnovas]

On Fri, Oct 24, 2014 at 05:07:24PM +0200, Paolo Bonzini wrote:
> From: Quentin Casasnovas <quentin.casasnovas@xxxxxxxxxx>
> 
> The third parameter of kvm_unpin_pages() when called from
> kvm_iommu_map_pages() is wrong, it should be the number of pages to un-pin
> and not the page size.
> 

This got assigned CVE-2014-8369.

Quentin
> --- Begin Message ---
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > While reviewing Red Hat 6.6 kernel patches to prepare Ksplice rebootless
> > updates, we've stumbled accross a potential issue with the upstream fix for
> > CVE-2014-3601:
>
> > 350b8bd kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
>
> > The above commit is supposed to prevent extra pages un-pinning _and_ fix a
> > memory leak, but by fixing the memory leak in the error path, it likely
> > introduces way more unwanted un-pinning
>
> Use CVE-2014-8369.
>
> - -- 
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (SunOS)
>
> iQEcBAEBAgAGBQJURhP+AAoJEKllVAevmvmsnXAH/AjUWd/JB2f73+6N8rjNTL0u
> Hn/FrVNRdML+g1bQJ263PnHCSS7Ix92nDKiQZ6BdE9k9hOOiNIrfEO+JZhgZzS40
> cGZNO13SttajyA1FEUrQWC8y6rvcBuMMZOzIaAOrfeT/QmfgY554jSzb0yIoIOs5
> RKHlfqxvUR42RjQf96S3RT/ey6P00sHW54RUs2evPHA9ec57g5EARSeoh9mpkozT
> Q1S/ByHqdkvjP+lTE4swfYw9HO6vUNixMosOc4Us5fAZ0EvLDkwEWUdc88FJZl6s
> faiJf5MAMePPE1kFNpvBaWl8umu5OTz46oHg+GV/lmA7SRIimPd0QaqL6G1tF3M=
> =XEZP
> -----END PGP SIGNATURE-----
>
> --- End Message ---