Overview

File 0122-virtio-gpu-call-cleanup-mapping-fun.patch of Package qemu.29142

From: Li Qiang <liq3ea@gmail.com>
Date: Wed, 7 Dec 2016 12:39:24 -0700
Subject: virtio-gpu: call cleanup mapping function in resource destroy

If the guest destroy the resource before detach banking, the 'iov'
and 'addrs' field in resource is not freed thus leading memory
leak issue. This patch avoid this.

Signed-off-by: Li Qiang <liq3ea@gmail.com>
[BR: CVE-2016-9912 BSC#1014112]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 hw/display/virtio-gpu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index f41afc7137b21e6804b4cd32d60c..4ccc8bc5c3986d2cf278f1c91ea9 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -23,6 +23,8 @@
 static struct virtio_gpu_simple_resource*
 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
 
+static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
+
 #ifdef CONFIG_VIRGL
 #include "virglrenderer.h"
 #define VIRGL(_g, _virgl, _simple, ...)                     \
@@ -349,6 +351,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
                                         struct virtio_gpu_simple_resource *res)
 {
     pixman_image_unref(res->image);
+    virtio_gpu_cleanup_mapping(res);
     QTAILQ_REMOVE(&g->reslist, res, next);
     g_free(res);
 }
openSUSE Build Service is sponsored by
Places