[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues
From: |
Li Qiang |
Subject: |
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues |
Date: |
Tue, 11 May 2021 10:49:49 +0800 |
Philippe Mathieu-Daudé <philmd@redhat.com> 于2021年5月11日周二 上午3:25写道:
>
> On 5/5/21 11:35 AM, Marc-André Lureau wrote:
> > Hi
> >
> > On Wed, May 5, 2021 at 1:28 PM Li Qiang <liq3ea@gmail.com
> > <mailto:liq3ea@gmail.com>> wrote:
> >
> > Marc-André Lureau <marcandre.lureau@gmail.com
> > <mailto:marcandre.lureau@gmail.com>> 于2021年5月5日周三 下午5:10写道:
> > >
> > > Hi
> > >
> > > On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com
> > <mailto:liq3ea@163.com>> wrote:
> > >>
> > >> These security issue is low severity and is similar with the
> > >> virtio-vga/virtio-gpu device. All of them can be triggered by
> > >> the guest user.
> > >>
> > >> Li Qiang (7):
> > >> vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
> > >> vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
> > >> vhost-user-gpu: fix memory leak in vg_resource_attach_backing
> > >> vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
> > >> vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
> > >> vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
> > >> vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
> > >>
> > >> contrib/vhost-user-gpu/vhost-user-gpu.c | 7 +++++++
> > >> contrib/vhost-user-gpu/virgl.c | 17 ++++++++++++++++-
> > >> 2 files changed, 23 insertions(+), 1 deletion(-)
> > >>
> > >> --
> > >
> > >
> > > The whole series looks good to me, and applies fixes that were
> > done earlier in virtio-gpu.
> >
> > Do you mean you have merged this series?
> > Should I tweak something such as "adding the original fix in
> > virtio-gpu"/"better mapping iov cleanup"?
>
> Yes, and please also mention the corresponding CVE (CVE-2021-3544,
> CVE-2021-3545, CVE-2021-3546).
>
OK, I'm still waiting for the some of the patch's response from
Prasad. Kindly ping @Prasad
Thanks,
Li Qiang
> >
> >
> > No I didn't. I was waiting for the answers to Prasad questions, and
> > eventually v2.
> >
> > Then either Gerd or me can queue this imho.
> >
> > --
> > Marc-André Lureau
>
- Re: [PATCH 3/7] vhost-user-gpu: fix memory leak in vg_resource_attach_backing, (continued)
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues, Marc-André Lureau, 2021/05/05