1. Patchew
  2. QEMU
  3. View series

[PATCH 0/7] vhost-user-gpu: fix several security issues

Li Qiang posted 7 patches 2 years, 11 months ago
Test checkpatch passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20210505045824.33880-1-liq3ea@163.com
Maintainers: Gerd Hoffmann <kraxel@redhat.com>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>
There is a newer version of this series
contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
2 files changed, 23 insertions(+), 1 deletion(-)
[PATCH 0/7] vhost-user-gpu: fix several security issues
Posted by Li Qiang 2 years, 11 months ago 
These security issue is low severity and is similar with the
virtio-vga/virtio-gpu device. All of them can be triggered by
the guest user.

Li Qiang (7):
  vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
  vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
  vhost-user-gpu: fix memory leak in vg_resource_attach_backing
  vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
  vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
  vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
  vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'

 contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
 contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

-- 
2.25.1
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues
Posted by Marc-André Lureau 2 years, 11 months ago 
Hi

On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com> wrote:

> These security issue is low severity and is similar with the
> virtio-vga/virtio-gpu device. All of them can be triggered by
> the guest user.
>
> Li Qiang (7):
>   vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
>   vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
>   vhost-user-gpu: fix memory leak in vg_resource_attach_backing
>   vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
>   vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
>   vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
>   vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
>
>  contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
>  contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
>  2 files changed, 23 insertions(+), 1 deletion(-)
>
> --
>

The whole series looks good to me, and applies fixes that were done earlier
in virtio-gpu.

Thanks


-- 
Marc-André Lureau
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues
Posted by Li Qiang 2 years, 11 months ago 
Marc-André Lureau <marcandre.lureau@gmail.com> 于2021年5月5日周三 下午5:10写道:
>
> Hi
>
> On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com> wrote:
>>
>> These security issue is low severity and is similar with the
>> virtio-vga/virtio-gpu device. All of them can be triggered by
>> the guest user.
>>
>> Li Qiang (7):
>>   vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
>>   vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
>>   vhost-user-gpu: fix memory leak in vg_resource_attach_backing
>>   vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
>>   vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
>>   vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
>>   vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
>>
>>  contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
>>  contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
>>  2 files changed, 23 insertions(+), 1 deletion(-)
>>
>> --
>
>
> The whole series looks good to me, and applies fixes that were done earlier in virtio-gpu.

Do you mean you have merged this series?
Should I tweak something such as "adding the original fix in
virtio-gpu"/"better mapping iov cleanup"?

Thanks,
Li Qiang

>
> Thanks
>
>
> --
> Marc-André Lureau
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues
Posted by Marc-André Lureau 2 years, 11 months ago 
Hi

On Wed, May 5, 2021 at 1:28 PM Li Qiang <liq3ea@gmail.com> wrote:

> Marc-André Lureau <marcandre.lureau@gmail.com> 于2021年5月5日周三 下午5:10写道:
> >
> > Hi
> >
> > On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com> wrote:
> >>
> >> These security issue is low severity and is similar with the
> >> virtio-vga/virtio-gpu device. All of them can be triggered by
> >> the guest user.
> >>
> >> Li Qiang (7):
> >>   vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
> >>   vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
> >>   vhost-user-gpu: fix memory leak in vg_resource_attach_backing
> >>   vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
> >>   vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
> >>   vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
> >>   vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
> >>
> >>  contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
> >>  contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
> >>  2 files changed, 23 insertions(+), 1 deletion(-)
> >>
> >> --
> >
> >
> > The whole series looks good to me, and applies fixes that were done
> earlier in virtio-gpu.
>
> Do you mean you have merged this series?
> Should I tweak something such as "adding the original fix in
> virtio-gpu"/"better mapping iov cleanup"?
>
>
No I didn't. I was waiting for the answers to Prasad questions, and
eventually v2.

Then either Gerd or me can queue this imho.

-- 
Marc-André Lureau
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues
Posted by Philippe Mathieu-Daudé 2 years, 11 months ago 
On 5/5/21 11:35 AM, Marc-André Lureau wrote:
> Hi
> 
> On Wed, May 5, 2021 at 1:28 PM Li Qiang <liq3ea@gmail.com
> <mailto:liq3ea@gmail.com>> wrote:
> 
>     Marc-André Lureau <marcandre.lureau@gmail.com
>     <mailto:marcandre.lureau@gmail.com>> 于2021年5月5日周三 下午5:10写道:
>     >
>     > Hi
>     >
>     > On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com
>     <mailto:liq3ea@163.com>> wrote:
>     >>
>     >> These security issue is low severity and is similar with the
>     >> virtio-vga/virtio-gpu device. All of them can be triggered by
>     >> the guest user.
>     >>
>     >> Li Qiang (7):
>     >>   vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
>     >>   vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
>     >>   vhost-user-gpu: fix memory leak in vg_resource_attach_backing
>     >>   vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
>     >>   vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
>     >>   vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
>     >>   vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
>     >>
>     >>  contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
>     >>  contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
>     >>  2 files changed, 23 insertions(+), 1 deletion(-)
>     >>
>     >> --
>     >
>     >
>     > The whole series looks good to me, and applies fixes that were
>     done earlier in virtio-gpu.
> 
>     Do you mean you have merged this series?
>     Should I tweak something such as "adding the original fix in
>     virtio-gpu"/"better mapping iov cleanup"?

Yes, and please also mention the corresponding CVE (CVE-2021-3544,
CVE-2021-3545, CVE-2021-3546).

> 
> 
> No I didn't. I was waiting for the answers to Prasad questions, and
> eventually v2.
> 
> Then either Gerd or me can queue this imho.
>  
> -- 
> Marc-André Lureau
Re: [PATCH 0/7] vhost-user-gpu: fix several security issues
Posted by Li Qiang 2 years, 11 months ago 
Philippe Mathieu-Daudé <philmd@redhat.com> 于2021年5月11日周二 上午3:25写道:
>
> On 5/5/21 11:35 AM, Marc-André Lureau wrote:
> > Hi
> >
> > On Wed, May 5, 2021 at 1:28 PM Li Qiang <liq3ea@gmail.com
> > <mailto:liq3ea@gmail.com>> wrote:
> >
> >     Marc-André Lureau <marcandre.lureau@gmail.com
> >     <mailto:marcandre.lureau@gmail.com>> 于2021年5月5日周三 下午5:10写道:
> >     >
> >     > Hi
> >     >
> >     > On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq3ea@163.com
> >     <mailto:liq3ea@163.com>> wrote:
> >     >>
> >     >> These security issue is low severity and is similar with the
> >     >> virtio-vga/virtio-gpu device. All of them can be triggered by
> >     >> the guest user.
> >     >>
> >     >> Li Qiang (7):
> >     >>   vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
> >     >>   vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
> >     >>   vhost-user-gpu: fix memory leak in vg_resource_attach_backing
> >     >>   vhost-user-gpu: fix memory link while calling 'vg_resource_unref'
> >     >>   vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref'
> >     >>   vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing'
> >     >>   vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
> >     >>
> >     >>  contrib/vhost-user-gpu/vhost-user-gpu.c |  7 +++++++
> >     >>  contrib/vhost-user-gpu/virgl.c          | 17 ++++++++++++++++-
> >     >>  2 files changed, 23 insertions(+), 1 deletion(-)
> >     >>
> >     >> --
> >     >
> >     >
> >     > The whole series looks good to me, and applies fixes that were
> >     done earlier in virtio-gpu.
> >
> >     Do you mean you have merged this series?
> >     Should I tweak something such as "adding the original fix in
> >     virtio-gpu"/"better mapping iov cleanup"?
>
> Yes, and please also mention the corresponding CVE (CVE-2021-3544,
> CVE-2021-3545, CVE-2021-3546).
>

OK, I'm still waiting for the some of the patch's response from
Prasad. Kindly ping @Prasad


Thanks,
Li Qiang

> >
> >
> > No I didn't. I was waiting for the answers to Prasad questions, and
> > eventually v2.
> >
> > Then either Gerd or me can queue this imho.
> >
> > --
> > Marc-André Lureau
>

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.