On 25.08.2022 14:10, Juergen Gross wrote:
> On 25.08.22 13:58, Jan Beulich wrote:
>> On 25.08.2022 13:40, Juergen Gross wrote:
>>> --- a/drivers/xen/privcmd.c
>>> +++ b/drivers/xen/privcmd.c
>>> @@ -581,7 +581,7 @@ static int lock_pages(
>>> struct privcmd_dm_op_buf kbufs[], unsigned int num,
>
On 25.08.22 13:58, Jan Beulich wrote:
On 25.08.2022 13:40, Juergen Gross wrote:
--- a/drivers/xen/privcmd.c
+++ b/drivers/xen/privcmd.c
@@ -581,7 +581,7 @@ static int lock_pages(
struct privcmd_dm_op_buf kbufs[], unsigned int num,
struct page *pages[], unsigned int nr_pages, unsi
On 25.08.2022 13:40, Juergen Gross wrote:
> --- a/drivers/xen/privcmd.c
> +++ b/drivers/xen/privcmd.c
> @@ -581,7 +581,7 @@ static int lock_pages(
> struct privcmd_dm_op_buf kbufs[], unsigned int num,
> struct page *pages[], unsigned int nr_pages, unsigned int *pinned)
> {
> - unsi
The error exit of privcmd_ioctl_dm_op() is calling unlock_pages()
potentially with pages being NULL, leading to a NULL dereference.
Additionally, lock_pages() doesn't check for pin_user_pages_fast()
having been completely successful, resulting in potentially not
locking all pages into memory. This