On 19/08/2014 13:14, zhanghailiang wrote:
> The third parameter of kvm_iommu_put_pages is wrong,
> It should be 'gfn-slot->base_gfn'

This fixes a crash, doesn't it? Please mention it in the commit message, because we have to assign a CVE for this kind of issue. It will be CVE-2014-3601.

I learnt about this crash last week from Michael Tsirkin, whose patch also had the following hunk:

diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
index 0df7d4b34dfe..1e458a7d96f1 100644
--- a/virt/kvm/iommu.c
+++ b/virt/kvm/iommu.c
@@ -123,6 +123,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
 if (r) {
 printk(KERN_ERR "kvm_iommu_map_address:"
 "iommu failed to map pfn=%llx\n", pfn);
+ kvm_unpin_pages(kvm, pfn, page_size);
 goto unmap_pages;
 }

So I'm going to apply his instead.

Thanks for the report,

Paolo

> Signed-off-by: zhanghailiang <zhang.zhanghailiang@xxxxxxxxxx>
> ---
> virt/kvm/iommu.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
> index 0df7d4b..c02f9a3 100644
> --- a/virt/kvm/iommu.c
> +++ b/virt/kvm/iommu.c
> @@ -134,7 +134,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
> return 0;
>
> unmap_pages:
> - kvm_iommu_put_pages(kvm, slot->base_gfn, gfn);
> + kvm_iommu_put_pages(kvm, slot->base_gfn, gfn - slot->base_gfn);
> return r;
> }
>
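
Review bot: In the @@ -123,6 +123,7 @@ hunk, the third argument of the added kvm_unpin_pages(kvm, pfn, page_size) call needs its unit checked. The name page_size suggests a size in bytes; if kvm_unpin_pages expects a number of pages, this error path would unpin many more pages than were pinned for the failing pfn, which is the same class of mistake the other hunk fixes for kvm_iommu_put_pages. If the variable is a byte count, convert it at the call site (for example page_size >> PAGE_SHIFT), and add a short comment saying that the pages being released here are the ones pinned for the mapping that just failed.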
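
Review bot: In the @@ -134,7 +134,7 @@ hunk, the corrected count gfn - slot->base_gfn at unmap_pages covers only the gfns before the one that failed, so the pages pinned for the failing gfn itself are not released by this call. On its own this change still leaves those pages pinned; it needs the unpin in the if (r) branch before goto unmap_pages, as in the other hunk. The commit message should also say that the third parameter is a page count relative to slot->base_gfn rather than an end gfn, and describe the crash that passing gfn caused, since that is what the CVE entry will point to.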