qemu-commits

From: GitHub
Subject: [Qemu-commits] [qemu/qemu] dd248e: virtio-gpu: fix memory leak in set scanout
Date: Mon, 13 Feb 2017 03:45:10 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: dd248ed7e204ee8a1873914e02b8b526e8f1b80d
      
https://github.com/qemu/qemu/commit/dd248ed7e204ee8a1873914e02b8b526e8f1b80d
  Author: Li Qiang <address@hidden>
  Date:   2017-02-10 (Fri, 10 Feb 2017)

  Changed paths:
    M hw/display/virtio-gpu.c

  Log Message:
  -----------
  virtio-gpu: fix memory leak in set scanout

In virtio_gpu_set_scanout function, when creating the 'rect'
its refcount is set to 2, by pixman_image_create_bits and
qemu_create_displaysurface_pixman function. This can lead
to memory leak issues. This patch avoids this issue.

Signed-off-by: Li Qiang <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 5e8e3c4c75c199aa1017db816fca02be2a9f8798
      
https://github.com/qemu/qemu/commit/5e8e3c4c75c199aa1017db816fca02be2a9f8798
  Author: Gerd Hoffmann <address@hidden>
  Date:   2017-02-10 (Fri, 10 Feb 2017)

  Changed paths:
    M hw/display/virtio-gpu-3d.c

  Log Message:
  -----------
  virtio-gpu: fix resource leak in virgl_cmd_resource_unref

When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
we'll leak memory.

This patch fixes it for 3d mode, similar to the 2d mode fix in commit
"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".

Reported-by: 李强 <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden


  Commit: cf7dabeebc36bfb93413f175234779f5bfb2c0b1
      
https://github.com/qemu/qemu/commit/cf7dabeebc36bfb93413f175234779f5bfb2c0b1
  Author: Gerd Hoffmann <address@hidden>
  Date:   2017-02-10 (Fri, 10 Feb 2017)

  Changed paths:
    M hw/display/trace-events
    M hw/display/vga.c

  Log Message:
  -----------
  vga: replace debug printf with trace points

Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden


  Commit: ec87f206d708191abdd332fdfd48fc5b36da083c
      
https://github.com/qemu/qemu/commit/ec87f206d708191abdd332fdfd48fc5b36da083c
  Author: Gerd Hoffmann <address@hidden>
  Date:   2017-02-10 (Fri, 10 Feb 2017)

  Changed paths:
    M hw/display/cirrus_vga.c
    M hw/display/trace-events

  Log Message:
  -----------
  cirrus: replace debug printf with trace points

Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden


  Commit: 95280c31cda79bb1d0968afc7b19a220b3a9d986
      
https://github.com/qemu/qemu/commit/95280c31cda79bb1d0968afc7b19a220b3a9d986
  Author: Gerd Hoffmann <address@hidden>
  Date:   2017-02-10 (Fri, 10 Feb 2017)

  Changed paths:
    M hw/display/cirrus_vga.c

  Log Message:
  -----------
  cirrus: fix patterncopy checks

The blit_region_is_unsafe checks don't work correctly for the
patterncopy source.  It's a fixed-sized region, which doesn't
depend on cirrus_blt_{width,height}.  So go do the check in
cirrus_bitblt_common_patterncopy instead, then tell blit_is_unsafe that
it doesn't need to verify the source.  Also handle the case where we
blit from cirrus_bitbuf correctly.

This patch replaces 5858dd1801883309bdd208d72ddb81c4e9fee30c.

Security impact:  I think for the most part we err on the safe side this
time, refusing blits which should have been allowed.

Only exception is placing the blit source at the end of the video ram,
so cirrus_blt_srcaddr + 256 goes beyond the end of video memory.  But
even in that case I'm not fully sure this actually allows read access to
host memory.  To trick the commit 5858dd18 security checks one has to
pick very small cirrus_blt_{width,height} values, which in turn implies
only a fraction of the blit source will actually be used.

Cc: Wolfgang Bumiller <address@hidden>
Cc: Dr. David Alan Gilbert <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Dr. David Alan Gilbert <address@hidden>
Reviewed-by: Wolfgang Bumiller <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
Message-id: address@hidden


  Commit: 12e97ec39931e5321645fd483ab761319d48bf16
      
https://github.com/qemu/qemu/commit/12e97ec39931e5321645fd483ab761319d48bf16
  Author: Gerd Hoffmann <address@hidden>
  Date:   2017-02-10 (Fri, 10 Feb 2017)

  Changed paths:
    M hw/display/cirrus_vga.c

  Log Message:
  -----------
  Revert "cirrus: allow zero source pitch in pattern fill rops"

This reverts commit 5858dd1801883309bdd208d72ddb81c4e9fee30c.

Conflicts:
        hw/display/cirrus_vga.c

Cc: Wolfgang Bumiller <address@hidden>
Cc: Dr. David Alan Gilbert <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Dr. David Alan Gilbert <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
Message-id: address@hidden


  Commit: df96bfab49dab2d0373e49b51bbb51ce72e1601e
      
https://github.com/qemu/qemu/commit/df96bfab49dab2d0373e49b51bbb51ce72e1601e
  Author: Peter Maydell <address@hidden>
  Date:   2017-02-13 (Mon, 13 Feb 2017)

  Changed paths:
    M hw/display/cirrus_vga.c
    M hw/display/trace-events
    M hw/display/vga.c
    M hw/display/virtio-gpu-3d.c
    M hw/display/virtio-gpu.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20170213-1' into staging

vga: bugfixes for cirrus and virtio-gpu

# gpg: Signature made Mon 13 Feb 2017 08:14:47 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg:                 aka "Gerd Hoffmann <address@hidden>"
# gpg:                 aka "Gerd Hoffmann (private) <address@hidden>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/pull-vga-20170213-1:
  Revert "cirrus: allow zero source pitch in pattern fill rops"
  cirrus: fix patterncopy checks
  cirrus: replace debug printf with trace points
  vga: replace debug printf with trace points
  virtio-gpu: fix resource leak in virgl_cmd_resource_unref
  virtio-gpu: fix memory leak in set scanout

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/0b4384d0bb98...df96bfab49da
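
The reasoning in the "cirrus: fix patterncopy checks" message above, as an added example that is not QEMU code and not part of the original mail: a simplified C model of a source check sized by the blit width and height next to one sized by the fixed pattern region. The struct, the function names and the 4 MiB video memory size are assumptions; the 256-byte figure is the one quoted in the commit message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 256 is the figure from the commit message; everything else is a
 * constructed model, not QEMU's code. */
#define PATTERN_SRC_BYTES 256u
#define VRAM_BYTES (4u * 1024u * 1024u)   /* assumed size */

struct blit {
    uint32_t srcaddr;  /* offset of the source in video memory */
    uint32_t pitch;    /* bytes between source rows */
    uint32_t width;    /* bytes per row */
    uint32_t height;   /* rows */
};

/* Source check sized by the blit extents. */
static bool src_ok_by_extent(const struct blit *b)
{
    if (b->width == 0 || b->height == 0)
        return false;
    uint64_t end = (uint64_t)b->srcaddr
                 + (uint64_t)(b->height - 1) * b->pitch + b->width;
    return end <= VRAM_BYTES;
}

/* Source check sized by the fixed pattern region, written so the
 * subtraction cannot wrap. */
static bool src_ok_fixed(const struct blit *b)
{
    return b->srcaddr <= VRAM_BYTES
        && VRAM_BYTES - b->srcaddr >= PATTERN_SRC_BYTES;
}

int main(void)
{
    /* Constructed inputs. */
    const struct blit tiny_at_end = { VRAM_BYTES - 16, 0, 8, 1 };
    const struct blit big_fits    = { VRAM_BYTES - 256, 1024, 1024, 768 };

    printf("tiny_at_end: extent=%d fixed=%d\n",
           src_ok_by_extent(&tiny_at_end), src_ok_fixed(&tiny_at_end));
    printf("big_fits:    extent=%d fixed=%d\n",
           src_ok_by_extent(&big_fits), src_ok_fixed(&big_fits));
    return 0;
}
```

The two inputs disagree in opposite directions: the extent-sized check accepts a source whose fixed region runs past the end of video memory, and refuses one whose fixed region fits exactly.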
