[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues |
Date: |
Mon, 10 May 2021 21:25:12 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 |
On 5/5/21 11:35 AM, Marc-André Lureau wrote:
> Hi
>
> On Wed, May 5, 2021 at 1:28 PM Li Qiang <liq3ea@gmail.com
> <mailto:liq3ea@gmail.com>> wrote:
>
> Marc-André Lureau <marcandre.lureau@gmail.com
> <mailto:marcandre.lureau@gmail.com>> 于2021年5月5日周三 下午5:10写道:
> >
> > Hi
> >
> > On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com
> <mailto:liq3ea@163.com>> wrote:
> >>
> >> These security issue is low severity and is similar with the
> >> virtio-vga/virtio-gpu device. All of them can be triggered by
> >> the guest user.
> >>
> >> Li Qiang (7):
> >> vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
> >> vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
> >> vhost-user-gpu: fix memory leak in vg_resource_attach_backing
> >> vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
> >> vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
> >> vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
> >> vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
> >>
> >> contrib/vhost-user-gpu/vhost-user-gpu.c | 7 +++++++
> >> contrib/vhost-user-gpu/virgl.c | 17 ++++++++++++++++-
> >> 2 files changed, 23 insertions(+), 1 deletion(-)
> >>
> >> --
> >
> >
> > The whole series looks good to me, and applies fixes that were
> done earlier in virtio-gpu.
>
> Do you mean you have merged this series?
> Should I tweak something such as "adding the original fix in
> virtio-gpu"/"better mapping iov cleanup"?
Yes, and please also mention the corresponding CVE (CVE-2021-3544,
CVE-2021-3545, CVE-2021-3546).
>
>
> No I didn't. I was waiting for the answers to Prasad questions, and
> eventually v2.
>
> Then either Gerd or me can queue this imho.
>
> --
> Marc-André Lureau
- Re: [PATCH 3/7] vhost-user-gpu: fix memory leak in vg_resource_attach_backing, (continued)
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues, Marc-André Lureau, 2021/05/05