[0/7] vhost-user-gpu: fix several security issues

Message ID 20210505045824.33880-1-liq3ea@163.com (mailing list archive)

Message

Li Qiang May 5, 2021, 4:58 a.m. UTC
These security issues are low severity and are similar to those in the
virtio-vga/virtio-gpu device. All of them can be triggered by
the guest user.

Li Qiang (7):
  vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
  vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
  vhost-user-gpu: fix memory leak in vg_resource_attach_backing
  vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
  vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
  vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
  vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'

 contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
 contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

Comments

Marc-André Lureau May 5, 2021, 9:10 a.m. UTC | #1
Hi

On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com> wrote:

> These security issues are low severity and are similar to those in the
> virtio-vga/virtio-gpu device. All of them can be triggered by
> the guest user.
>
> Li Qiang (7):
>   vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
>   vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
>   vhost-user-gpu: fix memory leak in vg_resource_attach_backing
>   vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
>   vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
>   vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
>   vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
>
>  contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
>  contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
>  2 files changed, 23 insertions(+), 1 deletion(-)
>
> --
>

The whole series looks good to me, and applies fixes that were done earlier
in virtio-gpu.

Thanks

Li Qiang May 5, 2021, 9:27 a.m. UTC | #2
Marc-André Lureau <marcandre.lureau@gmail.com> wrote on Wed, May 5, 2021 at 5:10 PM:
>
> Hi
>
> On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com> wrote:
>>
>> These security issues are low severity and are similar to those in the
>> virtio-vga/virtio-gpu device. All of them can be triggered by
>> the guest user.
>>
>> Li Qiang (7):
>>   vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
>>   vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
>>   vhost-user-gpu: fix memory leak in vg_resource_attach_backing
>>   vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
>>   vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
>>   vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
>>   vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
>>
>>  contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
>>  contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
>>  2 files changed, 23 insertions(+), 1 deletion(-)
>>
>> --
>
>
> The whole series looks good to me, and applies fixes that were done earlier in virtio-gpu.

Do you mean you have merged this series?
Should I tweak something such as "adding the original fix in
virtio-gpu"/"better mapping iov cleanup"?

Thanks,
Li Qiang

>
> Thanks
>
>
> --
> Marc-André Lureau

Marc-André Lureau May 5, 2021, 9:35 a.m. UTC | #3
Hi

On Wed, May 5, 2021 at 1:28 PM Li Qiang <liq3ea@gmail.com> wrote:

> Marc-André Lureau <marcandre.lureau@gmail.com> wrote on Wed, May 5, 2021 at 5:10 PM:
> >
> > Hi
> >
> > On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com> wrote:
> >>
> >> These security issues are low severity and are similar to those in the
> >> virtio-vga/virtio-gpu device. All of them can be triggered by
> >> the guest user.
> >>
> >> Li Qiang (7):
> >>   vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
> >>   vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
> >>   vhost-user-gpu: fix memory leak in vg_resource_attach_backing
> >>   vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
> >>   vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
> >>   vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
> >>   vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
> >>
> >>  contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
> >>  contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
> >>  2 files changed, 23 insertions(+), 1 deletion(-)
> >>
> >> --
> >
> >
> > The whole series looks good to me, and applies fixes that were done
> earlier in virtio-gpu.
>
> Do you mean you have merged this series?
> Should I tweak something such as "adding the original fix in
> virtio-gpu"/"better mapping iov cleanup"?
>
>
No, I didn't. I was waiting for the answers to Prasad's questions, and
eventually v2.

Then either Gerd or me can queue this imho.

Philippe Mathieu-Daudé May 10, 2021, 7:25 p.m. UTC | #4
On 5/5/21 11:35 AM, Marc-André Lureau wrote:
> Hi
> 
> On Wed, May 5, 2021 at 1:28 PM Li Qiang <liq3ea@gmail.com
> <mailto:liq3ea@gmail.com>> wrote:
> 
>     Marc-André Lureau <marcandre.lureau@gmail.com
>     <mailto:marcandre.lureau@gmail.com>> wrote on Wed, May 5, 2021 at 5:10 PM:
>     >
>     > Hi
>     >
>     > On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com
>     <mailto:liq3ea@163.com>> wrote:
>     >>
>     >> These security issues are low severity and are similar to those in the
>     >> virtio-vga/virtio-gpu device. All of them can be triggered by
>     >> the guest user.
>     >>
>     >> Li Qiang (7):
>     >>   vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
>     >>   vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
>     >>   vhost-user-gpu: fix memory leak in vg_resource_attach_backing
>     >>   vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
>     >>   vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
>     >>   vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
>     >>   vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
>     >>
>     >>  contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
>     >>  contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
>     >>  2 files changed, 23 insertions(+), 1 deletion(-)
>     >>
>     >> --
>     >
>     >
>     > The whole series looks good to me, and applies fixes that were
>     done earlier in virtio-gpu.
> 
>     Do you mean you have merged this series?
>     Should I tweak something such as "adding the original fix in
>     virtio-gpu"/"better mapping iov cleanup"?

Yes, and please also mention the corresponding CVE (CVE-2021-3544,
CVE-2021-3545, CVE-2021-3546).

> 
> 
> No, I didn't. I was waiting for the answers to Prasad's questions, and
> eventually v2.
> 
> Then either Gerd or me can queue this imho.
>  
> -- 
> Marc-André Lureau

Li Qiang May 11, 2021, 2:49 a.m. UTC | #5
Philippe Mathieu-Daudé <philmd@redhat.com> wrote on Tue, May 11, 2021 at 3:25 AM:
>
> On 5/5/21 11:35 AM, Marc-André Lureau wrote:
> > Hi
> >
> > On Wed, May 5, 2021 at 1:28 PM Li Qiang <liq3ea@gmail.com
> > <mailto:liq3ea@gmail.com>> wrote:
> >
> >     Marc-André Lureau <marcandre.lureau@gmail.com
> >     <mailto:marcandre.lureau@gmail.com>> wrote on Wed, May 5, 2021 at 5:10 PM:
> >     >
> >     > Hi
> >     >
> >     > On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com
> >     <mailto:liq3ea@163.com>> wrote:
> >     >>
> >     >> These security issues are low severity and are similar to those in the
> >     >> virtio-vga/virtio-gpu device. All of them can be triggered by
> >     >> the guest user.
> >     >>
> >     >> Li Qiang (7):
> >     >>   vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
> >     >>   vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
> >     >>   vhost-user-gpu: fix memory leak in vg_resource_attach_backing
> >     >>   vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
> >     >>   vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
> >     >>   vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
> >     >>   vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
> >     >>
> >     >>  contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
> >     >>  contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
> >     >>  2 files changed, 23 insertions(+), 1 deletion(-)
> >     >>
> >     >> --
> >     >
> >     >
> >     > The whole series looks good to me, and applies fixes that were
> >     done earlier in virtio-gpu.
> >
> >     Do you mean you have merged this series?
> >     Should I tweak something such as "adding the original fix in
> >     virtio-gpu"/"better mapping iov cleanup"?
>
> Yes, and please also mention the corresponding CVE (CVE-2021-3544,
> CVE-2021-3545, CVE-2021-3546).
>

OK, I'm still waiting for Prasad's response on some of the patches.
Kindly ping @Prasad


Thanks,
Li Qiang

> >
> >
> > No, I didn't. I was waiting for the answers to Prasad's questions, and
> > eventually v2.
> >
> > Then either Gerd or me can queue this imho.
> >
> > --
> > Marc-André Lureau
>