authorSona Sarmadi <sona.sarmadi@enea.com>2017-03-03 12:51:42 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-08 11:52:57 +0000
commit0884c80070bf163f02d962335564a835deb6d90d (patch)
tree836f429cc2f8cca2840c413e1c92e0039fcbe2d6
parent5724b1e3d915d83e1d26e060ffcf5ce091102755 (diff)
downloadpoky-0884c80070bf163f02d962335564a835deb6d90d.tar.gz
qemu: display: CVE-2016-9912
virtio-gpu: memory leakage when destroying gpu resource Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9912 Reference to upstream patch: http://git.qemu-project.org/?p=qemu.git;a=patch;h=b8e23926c568f2e963af39028b71c472e3023793 (From OE-Core rev: 8bf7ade372b46b8a872661a7904fbaa30fa262a2) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2016-9912.patch45
-rw-r--r--meta/recipes-devtools/qemu/qemu_2.8.0.bb1
2 files changed, 46 insertions, 0 deletions
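diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-9912.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-9912.patch
new file mode 100644
index 0000000000..c009ffd96a
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2016-9912.patch
@@ -0,0 +1,45 @@
+From b8e23926c568f2e963af39028b71c472e3023793 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Mon, 28 Nov 2016 21:29:25 -0500
+Subject: [PATCH] virtio-gpu: call cleanup mapping function in resource destroy
+
+If the guest destroy the resource before detach banking, the 'iov'
+and 'addrs' field in resource is not freed thus leading memory
+leak issue. This patch avoid this.
+
+CVE: CVE-2016-9912
+Upstream-Status: Backport
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 1480386565-10077-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ hw/display/virtio-gpu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index ed2b6d3..6a26258 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -28,6 +28,8 @@
+ static struct virtio_gpu_simple_resource*
+ virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
+
++static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
++
+ #ifdef CONFIG_VIRGL
+ #include <virglrenderer.h>
+ #define VIRGL(_g, _virgl, _simple, ...) \
+@@ -364,6 +366,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
+ struct virtio_gpu_simple_resource *res)
+ {
+ pixman_image_unref(res->image);
++ virtio_gpu_cleanup_mapping(res);
+ QTAILQ_REMOVE(&g->reslist, res, next);
+ g->hostmem -= res->hostmem;
+ g_free(res);
+--
+1.9.1
+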
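Review bot: The added `virtio_gpu_cleanup_mapping(res);` in virtio_gpu_resource_destroy() now runs for every destroyed resource, including ones whose backing was never attached or was already detached, and nothing at the call site says why or what it relies on. The definition of virtio_gpu_cleanup_mapping() is outside the hunk, so it should be confirmed that it tolerates an empty `iov`/`addrs` and clears those fields after freeing them; otherwise a detach followed by a destroy could turn this leak fix into a double free. I would add a comment above the call, `/* the guest may destroy a resource without detaching its backing first; release iov/addrs here */`, so the guest-controlled ordering that caused the leak is recorded next to the fix.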
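diff --git a/meta/recipes-devtools/qemu/qemu_2.8.0.bb b/meta/recipes-devtools/qemu/qemu_2.8.0.bb
index b8799d5cc2..19d7e8f658 100644
--- a/meta/recipes-devtools/qemu/qemu_2.8.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.8.0.bb
@@ -29,6 +29,7 @@ SRC_URI += " \
  file://0003-Introduce-condition-in-TPM-backend-for-notification.patch \
  file://0004-Add-support-for-VM-suspend-resume-for-TPM-TIS.patch \
  file://CVE-2016-9908.patch \
+ file://CVE-2016-9912.patch \
 "
 
 SRC_URI_append_class-native = " \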