[Qemu-devel] net: vmxnet3: memory leakage issue

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] net: vmxnet3: memory leakage issue

From:	P J P
Subject:	[Qemu-devel] net: vmxnet3: memory leakage issue
Date:	Wed, 2 Dec 2015 17:47:47 +0530 (IST)

  Hello Dmitry, all

A memory leakage issue was reported by Mr Qinghao Tang, CC'd here.

In that, the Qemu VMXNET3 paravirtual device emulator does not check if thedevice is already active, before activating it. This leads to host memoryleakage via calls to vmxnet_tx_pkt_init(), which calls g_malloc0().


===
static void vmxnet3_activate_device(VMXNET3State *s)
{
   ...
   /* Preallocate TX packet wrapper */
   VMW_CFPRN("Max TX fragments is %u", s->max_tx_frags);
   vmxnet_tx_pkt_init(&s->tx_pkt, s->max_tx_frags, s->peer_has_vhdr);
   ...
}
===

A malicious guest driver could use this flaw to leak excessive memory on thehost, eventually killing the Qemu process.

Please see attached herein is a proposed (tested)patch which fixes this issue.Please let me know if it's okay or requires any changes.


Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

0001-net-vmxnet3-avoid-multiple-activations-of-device.patch
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] net: vmxnet3: memory leakage issue, P J P <=
- Re: [Qemu-devel] net: vmxnet3: memory leakage issue, Dmitry Fleytman, 2015/12/03
  - Re: [Qemu-devel] net: vmxnet3: memory leakage issue, P J P, 2015/12/03
  - Re: [Qemu-devel] net: vmxnet3: memory leakage issue, Jason Wang, 2015/12/03
    - Re: [Qemu-devel] net: vmxnet3: memory leakage issue, P J P, 2015/12/08
    - Re: [Qemu-devel] net: vmxnet3: memory leakage issue, P J P, 2015/12/09
    - Re: [Qemu-devel] net: vmxnet3: memory leakage issue, Jason Wang, 2015/12/11
    - Re: [Qemu-devel] net: vmxnet3: memory leakage issue, Dmitry Fleytman, 2015/12/11
    - Re: [Qemu-devel] net: vmxnet3: memory leakage issue, P J P, 2015/12/11
    - Re: [Qemu-devel] net: vmxnet3: memory leakage issue, Dmitry Fleytman, 2015/12/13
    - Re: [Qemu-devel] net: vmxnet3: memory leakage issue, Dmitry Fleytman, 2015/12/13

Prev by Date: Re: [Qemu-devel] [PATCH v2 0/8] Add system_powerdown support on ARM for ACPI and DT
Next by Date: Re: [Qemu-devel] [PATCH v2 1/9] drivers/hv: replace enum hv_message_type by u32
Previous by thread: Re: [Qemu-devel] [PATCH v2 0/8] Add system_powerdown support on ARM for ACPI and DT
Next by thread: Re: [Qemu-devel] net: vmxnet3: memory leakage issue
Index(es):
- Date
- Thread