[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 58/64] vhost-user-gpu: fix memory leak while calling 'vg_resource
From: |
Michael Roth |
Subject: |
[PATCH 58/64] vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544) |
Date: |
Tue, 19 Oct 2021 09:09:38 -0500 |
From: Li Qiang <liq3ea@163.com>
If the guest trigger following sequences, the attach_backing will be leaked:
vg_resource_create_2d
vg_resource_attach_backing
vg_resource_unref
This patch fix this by freeing 'res->iov' in vg_resource_destroy.
Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
in virgl_cmd_resource_unref")
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-5-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit b7afebcf9e6ecf3cf9b5a9b9b731ed04bca6aa3e)
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
contrib/vhost-user-gpu/vhost-user-gpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c
b/contrib/vhost-user-gpu/vhost-user-gpu.c
index 0437e52b64..770dfad529 100644
--- a/contrib/vhost-user-gpu/vhost-user-gpu.c
+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
@@ -400,6 +400,7 @@ vg_resource_destroy(VuGpu *g,
}
vugbm_buffer_destroy(&res->buffer);
+ g_free(res->iov);
pixman_image_unref(res->image);
QTAILQ_REMOVE(&g->reslist, res, next);
g_free(res);
--
2.25.1
- [PATCH 49/64] qemu-nbd: Change default cache mode to writeback, (continued)
- [PATCH 49/64] qemu-nbd: Change default cache mode to writeback, Michael Roth, 2021/10/19
- [PATCH 50/64] hmp: Unbreak "change vnc", Michael Roth, 2021/10/19
- [PATCH 04/64] monitor/qmp: fix race on CHR_EVENT_CLOSED without OOB, Michael Roth, 2021/10/19
- [PATCH 51/64] virtio-mem-pci: Fix memory leak when creating MEMORY_DEVICE_SIZE_CHANGE event, Michael Roth, 2021/10/19
- [PATCH 52/64] uas: add stream number sanity checks., Michael Roth, 2021/10/19
- [PATCH 53/64] usb/redir: avoid dynamic stack allocation (CVE-2021-3527), Michael Roth, 2021/10/19
- [PATCH 54/64] usb: limit combined packets to 1 MiB (CVE-2021-3527), Michael Roth, 2021/10/19
- [PATCH 55/64] vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545), Michael Roth, 2021/10/19
- [PATCH 56/64] vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544), Michael Roth, 2021/10/19
- [PATCH 57/64] vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544), Michael Roth, 2021/10/19
- [PATCH 58/64] vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544),
Michael Roth <=
- [PATCH 59/64] vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544), Michael Roth, 2021/10/19
- [PATCH 05/64] migration/rdma: Fix cm_event used before being initialized, Michael Roth, 2021/10/19
- [PATCH 60/64] vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (CVE-2021-3544), Michael Roth, 2021/10/19
- [PATCH 61/64] vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546), Michael Roth, 2021/10/19
- [PATCH 62/64] hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582), Michael Roth, 2021/10/19
- [PATCH 63/64] pvrdma: Ensure correct input on ring init (CVE-2021-3607), Michael Roth, 2021/10/19
- [PATCH 64/64] pvrdma: Fix the ring init error flow (CVE-2021-3608), Michael Roth, 2021/10/19
- [PATCH 06/64] target/i386: Exit tb after wrmsr, Michael Roth, 2021/10/19
- [PATCH 07/64] target/ppc: Fix load endianness for lxvwsx/lxvdsx, Michael Roth, 2021/10/19
- [PATCH 08/64] vl: allow not specifying size in -m when using -M memory-backend, Michael Roth, 2021/10/19