qemu-devel
Re: [Qemu-devel] net: vmxnet3: memory leakage issue


From: Jason Wang
Subject: Re: [Qemu-devel] net: vmxnet3: memory leakage issue
Date: Fri, 4 Dec 2015 10:22:26 +0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0


On 12/02/2015 08:17 PM, P J P wrote:
>   Hello Dmitry, all
>
> A memory leakage issue was reported by Mr Qinghao Tang, CC'd here.
>
> In that, the Qemu VMXNET3 paravirtual device emulator does not check
> if the device is already active, before activating it. This leads to
> host memory leakage via calls to vmxnet_tx_pkt_init(), which calls
> g_malloc0().
>
> ===
> static void vmxnet3_activate_device(VMXNET3State *s)
> {
>    ...
>    /* Preallocate TX packet wrapper */
>    VMW_CFPRN("Max TX fragments is %u", s->max_tx_frags);
>    vmxnet_tx_pkt_init(&s->tx_pkt, s->max_tx_frags, s->peer_has_vhdr);
>    ...
> }
> ===
>
> A malicious guest driver could use this flaw to leak excessive memory
> on the host, eventually killing the Qemu process.
>
> Please see attached herein a proposed (tested) patch which fixes
> this issue. Please let me know if it's okay or requires any changes.
>
> Thank you.
> -- 
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

What if the guest deactivates the device before re-activating it?

Looks like it could be done through these methods:

1) VMXNET3_CMD_QUIESCE_DEV
2) VMXNET3_REG_DSAL

So it looks like we need to free both tx_pkt and rx_pkt during deactivation?
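
A simplified C model of the activate/deactivate lifecycle discussed in this thread, added here as an illustration and not taken from QEMU or from the proposed patch: it counts how many TX packet wrappers are lost when activation is only guarded by an "already active" check, compared with also freeing the wrapper on deactivation. The `toy_*` names, the `active` flag, the two boolean switches and the 64-byte allocation are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct toy_dev {   /* toy model of the device, not QEMU's VMXNET3State */
    bool  active;  /* hypothetical "already activated" flag */
    void *tx_pkt;  /* stands in for the preallocated TX packet wrapper */
    long  leaked;  /* wrappers whose only pointer was overwritten */
};

/* Models vmxnet_tx_pkt_init(): allocates and overwrites the pointer. A wrapper
 * still held is lost in real code; here it is counted, then freed for hygiene. */
static void toy_tx_pkt_init(struct toy_dev *d) {
    d->leaked += (d->tx_pkt != NULL);
    free(d->tx_pkt);
    d->tx_pkt = calloc(1, 64);
}

static void toy_activate(struct toy_dev *d, bool check_active) {
    if (check_active && d->active)
        return;                /* guard: ignore repeated activation */
    toy_tx_pkt_init(d);
    d->active = true;
}

static void toy_deactivate(struct toy_dev *d, bool free_pkt) {
    if (free_pkt) {            /* release the wrapper on deactivation */
        free(d->tx_pkt);
        d->tx_pkt = NULL;
    }
    d->active = false;
}

/* Runs `rounds` activations (deactivating after each if `deact`); returns leaks. */
long toy_leaks(int rounds, bool deact, bool check_active, bool free_pkt) {
    struct toy_dev d = {0};
    for (int i = 0; i < rounds; i++) {
        toy_activate(&d, check_active);
        if (deact)
            toy_deactivate(&d, free_pkt);
    }
    free(d.tx_pkt);
    return d.leaked;
}

int main(void) {
    printf("guard only, deactivate between: %ld\n", toy_leaks(100, true, true, false));
    printf("guard + free on deactivate:     %ld\n", toy_leaks(100, true, true, true));
    return 0;
}
```

In this model the "already active" guard stops the leak only while the device stays active; once each activation is preceded by a deactivation, the count returns to one lost wrapper per cycle unless deactivation frees it.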
