From patchwork Thu Jul 25 14:41:46 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luis Henriques X-Patchwork-Id: 261727 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id F01862C00D5 for ; Fri, 26 Jul 2013 00:42:05 +1000 (EST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1V2Mjq-00033x-84; Thu, 25 Jul 2013 14:41:54 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1V2Mjj-00032m-D1 for kernel-team@lists.ubuntu.com; Thu, 25 Jul 2013 14:41:47 +0000 Received: from bl16-85-105.dsl.telepac.pt ([188.81.85.105] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1V2Mjj-0005dW-5L; Thu, 25 Jul 2013 14:41:47 +0000 From: Luis Henriques To: "Michael S. Tsirkin" Subject: [ 3.5.y.z extended stable ] Patch "macvtap: fix recovery from gup errors" has been added to staging queue Date: Thu, 25 Jul 2013 15:41:46 +0100 Message-Id: <1374763306-17753-1-git-send-email-luis.henriques@canonical.com> X-Mailer: git-send-email 1.8.1.2 X-Extended-Stable: 3.5 Cc: Brad Hubbard , Jason Wang , "David S. Miller" , kernel-team@lists.ubuntu.com X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com This is a note to let you know that I have just added a patch titled macvtap: fix recovery from gup errors to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.5.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Luis ------ From f3ad44d723c09f29557beec634986a22565d171b Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Sun, 23 Jun 2013 17:26:58 +0300 Subject: [PATCH] macvtap: fix recovery from gup errors commit 4c7ab054ab4f5d63625508ed6f8a607184cae7c2 upstream. get user pages might fail partially in macvtap zero copy mode. To recover we need to put all pages that we got, but code used a wrong index resulting in double-free errors. Reported-by: Brad Hubbard Signed-off-by: Michael S. Tsirkin Acked-by: Jason Wang Signed-off-by: David S. Miller Signed-off-by: Luis Henriques --- drivers/net/macvtap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) -- 1.8.1.2 diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c index 2ee56de..d566234 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c @@ -534,8 +534,10 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from, return -EMSGSIZE; num_pages = get_user_pages_fast(base, size, 0, &page[i]); if (num_pages != size) { - for (i = 0; i < num_pages; i++) - put_page(page[i]); + int j; + + for (j = 0; j < num_pages; j++) + put_page(page[i + j]); return -EFAULT; } truesize = size * PAGE_SIZE;