authorSona Sarmadi <sona.sarmadi@enea.com>2017-05-16 13:05:36 +0200
committerAdrian Dudau <adrian.dudau@enea.com>2017-05-19 14:32:39 +0200
commitcb2cf64b0b33e70b8f017b8757f8d4dd0ba10431 (patch)
tree0fa18a7de02fa02ab271814ad6c5cdbaf6e62cba
parenta71ba5142cd82c4d9390b726773ef75d92ef672a (diff)
downloadpoky-cb2cf64b0b33e70b8f017b8757f8d4dd0ba10431.tar.gz
qemu: display: CVE-2016-9912
virtio-gpu: memory leakage when destroying gpu resource Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9912 Reference to upstream patch: http://git.qemu-project.org/?p=qemu.git;a=patch;h=b8e23926c568f2e963af39028b71c472e3023793 (From OE-Core rev: 8bf7ade372b46b8a872661a7904fbaa30fa262a2) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2016-9912.patch45
-rw-r--r--meta/recipes-devtools/qemu/qemu_2.8.0.bb1
2 files changed, 46 insertions, 0 deletions
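--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2016-9912.patch
@@ -0,0 +1,45 @@
+From b8e23926c568f2e963af39028b71c472e3023793 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Mon, 28 Nov 2016 21:29:25 -0500
+Subject: [PATCH] virtio-gpu: call cleanup mapping function in resource destroy
+
+If the guest destroy the resource before detach banking, the 'iov'
+and 'addrs' field in resource is not freed thus leading memory
+leak issue. This patch avoid this.
+
+CVE: CVE-2016-9912
+Upstream-Status: Backport
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 1480386565-10077-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ hw/display/virtio-gpu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index ed2b6d3..6a26258 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -28,6 +28,8 @@
+ static struct virtio_gpu_simple_resource*
+ virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
+
++static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
++
+ #ifdef CONFIG_VIRGL
+ #include <virglrenderer.h>
+ #define VIRGL(_g, _virgl, _simple, ...) \
+@@ -364,6 +366,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
+ struct virtio_gpu_simple_resource *res)
+ {
+ pixman_image_unref(res->image);
++ virtio_gpu_cleanup_mapping(res);
+ QTAILQ_REMOVE(&g->reslist, res, next);
+ g->hostmem -= res->hostmem;
+ g_free(res);
+--
+1.9.1
+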
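Review bot: The added call `virtio_gpu_cleanup_mapping(res);` in virtio_gpu_resource_destroy runs for every destroyed resource, including ones whose backing was never attached or was already detached, so the helper has to be safe when 'iov' and 'addrs' are already empty; its definition is outside this hunk, so that should be confirmed against the full file before relying on the backport. A one-line comment at the call would record why it is there: `/* guest may destroy a resource without detaching its backing; release iov/addrs here */`. The forward declaration added near the top of the file could likewise say that the definition comes later in the file, which appears to be the only reason it is needed. The body of virtio_gpu_resource_destroy continues past the last line shown.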
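--- a/meta/recipes-devtools/qemu/qemu_2.8.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.8.0.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
  file://qemu-2.5.0-cflags.patch \
  file://target-ppc-fix-user-mode.patch \
  file://CVE-2016-9908.patch \
+ file://CVE-2016-9912.patch \
 "
 
 SRC_URI =+ "http://wiki.qemu-project.org/download/${BP}.tar.bz2"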