From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Alex Williamson, Gerd Hoffmann
Subject: [PULL 1/2] vfio: fix use-after-free in display
Date: Thu, 16 Jul 2020 11:31:18 +0200
Message-Id: <20200716093119.10740-2-kraxel@redhat.com>
In-Reply-To: <20200716093119.10740-1-kraxel@redhat.com>
References: <20200716093119.10740-1-kraxel@redhat.com>

Calling ramfb_display_update() might replace the DisplaySurface with the boot display, which in turn will free the currently active DisplaySurface. So clear our DisplaySurface pointer (dpy->region.surface pointer) to (a) avoid use-after-free and (b) force replacing the boot display with the real display when switching back.

Signed-off-by: Gerd Hoffmann Reviewed-by: Alex Williamson Acked-by: Alex Williamson Message-id: 20200713124520.23266-1-kraxel@redhat.com --- hw/vfio/display.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/vfio/display.c b/hw/vfio/display.c index a57a22674d62..342054193b3c 100644 --- a/hw/vfio/display.c +++ b/hw/vfio/display.c 
@@ -405,6 +405,7 @@ static void vfio_display_region_update(void *opaque) if (!plane.drm_format || !plane.size) { if (dpy->ramfb) { ramfb_display_update(dpy->con, dpy->ramfb); + dpy->region.surface =3D NULL; } return; } --=20 2.18.4
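
Review bot: the added `dpy->region.surface = NULL;` inside the `if (dpy->ramfb)` branch carries no comment, so the reason for clearing a pointer directly after ramfb_display_update() (that call may free the surface the pointer refers to, as the commit message explains) is not visible at the call site. A one-line comment above the assignment would keep a later cleanup from dropping it as redundant. Because the function now returns with the pointer set to NULL, it is also worth confirming that every later use of dpy->region.surface in vfio_display_region_update() treats NULL as "create a new surface"; that code is outside the context shown in this hunk.
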
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Alex Williamson, Gerd Hoffmann
Subject: [PULL 2/2] usb: fix storage regression
Date: Thu, 16 Jul 2020 11:31:19 +0200
Message-Id: <20200716093119.10740-3-kraxel@redhat.com>
In-Reply-To: <20200716093119.10740-1-kraxel@redhat.com>
References: <20200716093119.10740-1-kraxel@redhat.com>

Fix the condition to figure whenever we need to wait for more data or not. Simply check the mode, if we are not in DATAIN state any more we are done already and don't need to go ASYNC.

Fixes: 7ad3d51ebb8a ("usb: add short-packet handling to usb-storage driver")
Reported-by: Sai Pavan Boddu
Tested-by: Paul Zimmerman
Signed-off-by: Gerd Hoffmann Message-id: 20200713062712.1476-1-kraxel@redhat.com --- hw/usb/dev-storage.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c index 2ed6a8df2413..405a4ccfe700 100644 --- a/hw/usb/dev-storage.c +++ b/hw/usb/dev-storage.c @@ -546,8 +546,7 @@ static void usb_msd_handle_data(USBDevice *dev, USBPack= et *p) } } } - if (p->actual_length < p->iov.size && (p->short_not_ok || - s->scsi_len >=3D p->ep->max_packet_size)) { + if (p->actual_length < p->iov.size && s->mode =3D=3D USB_MSDM_= DATAIN) { DPRINTF("Deferring packet %p [wait data-in]\n", p); s->packet =3D p; p->status =3D USB_RET_ASYNC; --=20 2.18.4
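
Review bot: the replacement condition in usb_msd_handle_data(), `p->actual_length < p->iov.size && s->mode == USB_MSDM_DATAIN`, drops `p->short_not_ok` entirely, and neither the hunk nor the commit message says what is expected for a short packet that has short_not_ok set once the mode has left DATAIN. With this change such a packet is no longer deferred with USB_RET_ASYNC. If that is intended, a sentence in the commit message or a comment above the `if` would make it explicit, along with a note that the removed `s->scsi_len >= p->ep->max_packet_size` test is fully covered by the mode check. A regression test for the short-packet case reported against 7ad3d51ebb8a would help keep the condition from drifting again.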