File 0122-virtio-gpu-call-cleanup-mapping-fun.patch of Package qemu.6964
From 601af29fd9aa1bf8e737e87533beef5fcc2b83fb Mon Sep 17 00:00:00 2001
From: Li Qiang <liq3ea@gmail.com>
Date: Wed, 7 Dec 2016 12:39:24 -0700
Subject: [PATCH] virtio-gpu: call cleanup mapping function in resource destroy
If the guest destroys the resource before detaching its backing, the
'iov' and 'addrs' fields in the resource are not freed, leading to a
memory leak. This patch avoids this.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
[BR: CVE-2016-9912 BSC#1014112]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 hw/display/virtio-gpu.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index f41afc7137..4ccc8bc5c3 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -23,6 +23,8 @@
 static struct virtio_gpu_simple_resource*
 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
 
+static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
+
 #ifdef CONFIG_VIRGL
 #include "virglrenderer.h"
 #define VIRGL(_g, _virgl, _simple, ...)                     \
@@ -349,6 +351,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
                                         struct virtio_gpu_simple_resource *res)
 {
     pixman_image_unref(res->image);
+    virtio_gpu_cleanup_mapping(res);
     QTAILQ_REMOVE(&g->reslist, res, next);
     g_free(res);
 }
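Review bot: The added `virtio_gpu_cleanup_mapping(res)` call in `virtio_gpu_resource_destroy` now runs for every destroyed resource, including ones whose backing was never attached or was already detached. It therefore relies on the helper being safe with an empty `iov`/`addrs` state and on it clearing those fields after freeing them. Only the helper's forward declaration is visible in this patch, so its body should be checked for both properties. Because the destroy path is reachable from guest commands, a short comment above the call would make the reason explicit, for example `/* the guest may destroy a resource without detaching its backing; release iov/addrs here */`.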