1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch
new file mode 100644
index 0000000000..c534f4c24f
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch
@@ -0,0 +1,39 @@
+vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544)
+If the guest trigger following sequences, the attach_backing will be leaked:
+vg_resource_create_2d
+vg_resource_attach_backing
+vg_resource_unref
+This patch fix this by freeing 'res->iov' in vg_resource_destroy.
+Fixes: CVE-2021-3544
+Reported-by: default avatarLi Qiang <liq3ea@163.com>
+virtio-gpu fix: 5e8e3c4c
+("virtio-gpu: fix resource leak
+in virgl_cmd_resource_unref")
+Reviewed-by: default avatarPrasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: default avatarLi Qiang <liq3ea@163.com>
+Reviewed-by: Marc-André Lureau's avatarMarc-André Lureau <marcandre.lureau@redhat.com>
+Message-Id: <20210516030403.107723-5-liq3ea@163.com>
+Signed-off-by: Gerd Hoffmann's avatarGerd Hoffmann <kraxel@redhat.com>
+Upstream-Status: Backport
+CVE: CVE-2021-3544
+[vhost-user-gpu does not exist in the 4.2.0]
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: qemu-4.2.0/contrib/vhost-user-gpu/main.c
+===================================================================
+--- qemu-4.2.0.orig/contrib/vhost-user-gpu/main.c
+++ qemu-4.2.0/contrib/vhost-user-gpu/main.c
+@@ -379,6 +379,7 @@ vg_resource_destroy(VuGpu *g,
+     }
+ 
+     vugbm_buffer_destroy(&res->buffer);
+    g_free(res->iov);
+     pixman_image_unref(res->image);
+     QTAILQ_REMOVE(&g->reslist, res, next);
+     g_free(res);

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch new file mode 100644 index 0000000000..c534f4c24f --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3544_3.patch
@@ -0,0 +1,39 @@
	1	vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544)
	2
	3	If the guest trigger following sequences, the attach_backing will be leaked:
	4
	5	vg_resource_create_2d
	6	vg_resource_attach_backing
	7	vg_resource_unref
	8
	9	This patch fix this by freeing 'res->iov' in vg_resource_destroy.
	10
	11	Fixes: CVE-2021-3544
	12	Reported-by: default avatarLi Qiang <liq3ea@163.com>
	13	virtio-gpu fix: 5e8e3c4c
	14
	15	("virtio-gpu: fix resource leak
	16	in virgl_cmd_resource_unref")
	17	Reviewed-by: default avatarPrasad J Pandit <pjp@fedoraproject.org>
	18	Signed-off-by: default avatarLi Qiang <liq3ea@163.com>
	19	Reviewed-by: Marc-André Lureau's avatarMarc-André Lureau <marcandre.lureau@redhat.com>
	20	Message-Id: <20210516030403.107723-5-liq3ea@163.com>
	21	Signed-off-by: Gerd Hoffmann's avatarGerd Hoffmann <kraxel@redhat.com>
	22
	23	Upstream-Status: Backport
	24	CVE: CVE-2021-3544
	25	[vhost-user-gpu does not exist in the 4.2.0]
	26	Signed-off-by: Armin Kuster <akuster@mvista.com>
	27
	28	Index: qemu-4.2.0/contrib/vhost-user-gpu/main.c
	29	===================================================================
	30	--- qemu-4.2.0.orig/contrib/vhost-user-gpu/main.c
	31	+++ qemu-4.2.0/contrib/vhost-user-gpu/main.c
	32	@@ -379,6 +379,7 @@ vg_resource_destroy(VuGpu *g,
	33	}
	34
	35	vugbm_buffer_destroy(&res->buffer);
	36	+ g_free(res->iov);
	37	pixman_image_unref(res->image);
	38	QTAILQ_REMOVE(&g->reslist, res, next);
	39	g_free(res);