In `virtio_add_resource` function, the UUID used as a key for
`g_hash_table_insert` was temporary, which could lead to
invalid lookups when accessed later. This patch ensures that
the UUID remains valid by duplicating it into a newly allocated
memory space. The value is then inserted into the hash table
with this persistent UUID key to ensure that the key stored in
the hash table remains valid as long as the hash table entry
exists.
Fixes: faefdba847 ("hw/display: introduce virtio-dmabuf")
Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
---
hw/display/virtio-dmabuf.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/display/virtio-dmabuf.c b/hw/display/virtio-dmabuf.c
index 3dba4577ca7..5e0395be77c 100644
--- a/hw/display/virtio-dmabuf.c
+++ b/hw/display/virtio-dmabuf.c
@@ -35,11 +35,13 @@ static bool virtio_add_resource(QemuUUID *uuid, VirtioSharedObject *value)
if (resource_uuids == NULL) {
resource_uuids = g_hash_table_new_full(qemu_uuid_hash,
uuid_equal_func,
- NULL,
+ g_free,
g_free);
}
if (g_hash_table_lookup(resource_uuids, uuid) == NULL) {
- g_hash_table_insert(resource_uuids, uuid, value);
+ g_hash_table_insert(resource_uuids,
+ g_memdup2(uuid, sizeof(*uuid)),
+ value);
} else {
result = false;
}
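Review bot: the prototype in the hunk header still reads `virtio_add_resource(QemuUUID *uuid, ...)`, a non-const pointer, although the insert now stores `g_memdup2(uuid, sizeof(*uuid))` rather than the caller's pointer, so nothing in the signature tells callers that they keep ownership of `uuid`. Consider making the parameter `const QemuUUID *uuid` and adding a one-line comment at the insert saying that the table owns the duplicated key and releases it through the `g_free` key-destroy function added in the `g_hash_table_new_full` call. The copy is made only inside the `g_hash_table_lookup(...) == NULL` branch, so the `else` path that sets `result = false` does not allocate and does not leak.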
--
2.47.0
Hi
On Thu, Nov 7, 2024 at 10:04 PM Dorinda Bassey <dbassey@redhat.com> wrote:
>
> In `virtio_add_resource` function, the UUID used as a key for
> `g_hash_table_insert` was temporary, which could lead to
> invalid lookups when accessed later. This patch ensures that
> the UUID remains valid by duplicating it into a newly allocated
> memory space. The value is then inserted into the hash table
> with this persistent UUID key to ensure that the key stored in
> the hash table remains valid as long as the hash table entry
> exists.
>
> Fixes: faefdba847 ("hw/display: introduce virtio-dmabuf")
>
> Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
We missed this patch during the -rc period. Can it be included?
It fixes invalid memory access / use-after-free.
Note: I think the original intent was that the @uuid argument
ownership was passed:
virtio_add_dmabuf/virtio_add_vhost_device
* @uuid: new resource's UUID
It could be clarified and be passed as const like getters to eventually help...
> ---
> hw/display/virtio-dmabuf.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/hw/display/virtio-dmabuf.c b/hw/display/virtio-dmabuf.c
> index 3dba4577ca7..5e0395be77c 100644
> --- a/hw/display/virtio-dmabuf.c
> +++ b/hw/display/virtio-dmabuf.c
> @@ -35,11 +35,13 @@ static bool virtio_add_resource(QemuUUID *uuid, VirtioSharedObject *value)
> if (resource_uuids == NULL) {
> resource_uuids = g_hash_table_new_full(qemu_uuid_hash,
> uuid_equal_func,
> - NULL,
> + g_free,
> g_free);
> }
> if (g_hash_table_lookup(resource_uuids, uuid) == NULL) {
> - g_hash_table_insert(resource_uuids, uuid, value);
> + g_hash_table_insert(resource_uuids,
> + g_memdup2(uuid, sizeof(*uuid)),
> + value);
> } else {
> result = false;
> }
> --
> 2.47.0
>
>
--
Marc-André Lureau
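The key-lifetime problem this thread discusses, shown as an added example that is not part of any message or of the QEMU source. It uses a hypothetical fixed-size table instead of GLib; `Uuid`, `Table`, `table_add`, `table_lookup` and `lookup_first_after_reuse` are assumed names, and the caller's buffer is reused rather than freed so the stale-key effect is observable without undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct { unsigned char data[16]; } Uuid;  /* constructed stand-in for QemuUUID */
typedef struct {                  /* hypothetical mini table, not GLib */
    const Uuid *keys[8];
    int values[8];
    size_t n;
    bool owns_keys;               /* true: table stores private key copies (the fix) */
} Table;

static bool table_add(Table *t, const Uuid *uuid, int value)
{
    const Uuid *key = uuid;       /* before the fix: borrow the caller's pointer */
    if (t->n == 8) return false;
    if (t->owns_keys) {           /* after the fix: duplicate, as g_memdup2() does */
        Uuid *copy = malloc(sizeof(*copy));
        if (copy == NULL) return false;
        memcpy(copy, uuid, sizeof(*copy));
        key = copy;
    }
    t->keys[t->n] = key;
    t->values[t->n++] = value;
    return true;
}

static int table_lookup(const Table *t, const Uuid *uuid)
{
    for (size_t i = 0; i < t->n; i++)
        if (memcmp(t->keys[i], uuid, sizeof(*uuid)) == 0) return t->values[i];
    return -1;                    /* not found */
}

/* Caller reuses one buffer for two UUIDs, then looks up the first one. */
static int lookup_first_after_reuse(bool owns_keys)
{
    Table t = { .owns_keys = owns_keys };
    Uuid scratch, first;
    memset(&scratch, 0xAA, sizeof(scratch));   /* constructed sample UUID */
    first = scratch;
    table_add(&t, &scratch, 1);
    memset(&scratch, 0xBB, sizeof(scratch));   /* buffer changes after insert */
    table_add(&t, &scratch, 2);
    int found = table_lookup(&t, &first);
    for (size_t i = 0; owns_keys && i < t.n; i++) free((void *)t.keys[i]);
    return found;
}
int main(void) { printf("borrowed=%d copied=%d\n", lookup_first_after_reuse(false), lookup_first_after_reuse(true)); return 0; }
```

With borrowed keys both entries alias the caller's buffer, so the first UUID can no longer be found; with copied keys the lookup returns the value stored for it.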
On Tue, 2 Dec 2025 at 14:51, Marc-André Lureau
<marcandre.lureau@gmail.com> wrote:
>
> Hi
>
> On Thu, Nov 7, 2024 at 10:04 PM Dorinda Bassey <dbassey@redhat.com> wrote:
> >
> > In `virtio_add_resource` function, the UUID used as a key for
> > `g_hash_table_insert` was temporary, which could lead to
> > invalid lookups when accessed later. This patch ensures that
> > the UUID remains valid by duplicating it into a newly allocated
> > memory space. The value is then inserted into the hash table
> > with this persistent UUID key to ensure that the key stored in
> > the hash table remains valid as long as the hash table entry
> > exists.
> >
> > Fixes: faefdba847 ("hw/display: introduce virtio-dmabuf")
> >
> > Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
>
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> We missed this patch during the -rc period. Can it be included?
I guess we missed this in several releases since it was sent 1 year ago :-)
BTW I think the main issue here was not ccing Michael (now in CC):
$ ./scripts/get_maintainer.pl -f hw/display/virtio-dmabuf.c
Albert Esteve <aesteve@redhat.com> (supporter:virtio-dmabuf)
"Michael S. Tsirkin" <mst@redhat.com> (supporter:virtio)
qemu-devel@nongnu.org (open list:All patches CC here)
So, I'm not sure if it's better to rebase and resend (including the
R-b) with the right maintainers in CC.
Stefano
>
> it fixes invalid memory access / use-after-free .
>
> Note: I think the original intent was that the @uuid argument
> ownership was passed:
> virtio_add_dmabuf/virtio_add_vhost_device
> * @uuid: new resource's UUID
>
> It could be clarified and be passed as const like getters to eventually help...
>
> > ---
> > hw/display/virtio-dmabuf.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/hw/display/virtio-dmabuf.c b/hw/display/virtio-dmabuf.c
> > index 3dba4577ca7..5e0395be77c 100644
> > --- a/hw/display/virtio-dmabuf.c
> > +++ b/hw/display/virtio-dmabuf.c
> > @@ -35,11 +35,13 @@ static bool virtio_add_resource(QemuUUID *uuid, VirtioSharedObject *value)
> > if (resource_uuids == NULL) {
> > resource_uuids = g_hash_table_new_full(qemu_uuid_hash,
> > uuid_equal_func,
> > - NULL,
> > + g_free,
> > g_free);
> > }
> > if (g_hash_table_lookup(resource_uuids, uuid) == NULL) {
> > - g_hash_table_insert(resource_uuids, uuid, value);
> > + g_hash_table_insert(resource_uuids,
> > + g_memdup2(uuid, sizeof(*uuid)),
> > + value);
> > } else {
> > result = false;
> > }
> > --
> > 2.47.0
> >
> >
>
>
> --
> Marc-André Lureau
>
On Thu, Nov 07, 2024 at 07:00:31PM +0100, Dorinda Bassey wrote:
>In `virtio_add_resource` function, the UUID used as a key for
>`g_hash_table_insert` was temporary, which could lead to
>invalid lookups when accessed later. This patch ensures that
>the UUID remains valid by duplicating it into a newly allocated
>memory space. The value is then inserted into the hash table
>with this persistent UUID key to ensure that the key stored in
>the hash table remains valid as long as the hash table entry
>exists.
>
>Fixes: faefdba847 ("hw/display: introduce virtio-dmabuf")
>
>Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
>---
> hw/display/virtio-dmabuf.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
>
>diff --git a/hw/display/virtio-dmabuf.c b/hw/display/virtio-dmabuf.c
>index 3dba4577ca7..5e0395be77c 100644
>--- a/hw/display/virtio-dmabuf.c
>+++ b/hw/display/virtio-dmabuf.c
>@@ -35,11 +35,13 @@ static bool virtio_add_resource(QemuUUID *uuid, VirtioSharedObject *value)
> if (resource_uuids == NULL) {
> resource_uuids = g_hash_table_new_full(qemu_uuid_hash,
> uuid_equal_func,
>- NULL,
>+ g_free,
> g_free);
> }
> if (g_hash_table_lookup(resource_uuids, uuid) == NULL) {
>- g_hash_table_insert(resource_uuids, uuid, value);
>+ g_hash_table_insert(resource_uuids,
>+ g_memdup2(uuid, sizeof(*uuid)),
>+ value);
> } else {
> result = false;
> }
>--
>2.47.0
>
Hi Albert and Michael,
Seems this patch fell through the cracks. It was posted but never picked
up. Could you help push it? Thanks!
BR,
Dorinda.
On Fri, Nov 8, 2024 at 10:29 AM Stefano Garzarella <sgarzare@redhat.com>
wrote:
> On Thu, Nov 07, 2024 at 07:00:31PM +0100, Dorinda Bassey wrote:
> >In `virtio_add_resource` function, the UUID used as a key for
> >`g_hash_table_insert` was temporary, which could lead to
> >invalid lookups when accessed later. This patch ensures that
> >the UUID remains valid by duplicating it into a newly allocated
> >memory space. The value is then inserted into the hash table
> >with this persistent UUID key to ensure that the key stored in
> >the hash table remains valid as long as the hash table entry
> >exists.
> >
> >Fixes: faefdba847 ("hw/display: introduce virtio-dmabuf")
> >
> >Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
> >---
> > hw/display/virtio-dmabuf.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
>
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
>
> >
> >diff --git a/hw/display/virtio-dmabuf.c b/hw/display/virtio-dmabuf.c
> >index 3dba4577ca7..5e0395be77c 100644
> >--- a/hw/display/virtio-dmabuf.c
> >+++ b/hw/display/virtio-dmabuf.c
> >@@ -35,11 +35,13 @@ static bool virtio_add_resource(QemuUUID *uuid,
> VirtioSharedObject *value)
> > if (resource_uuids == NULL) {
> > resource_uuids = g_hash_table_new_full(qemu_uuid_hash,
> > uuid_equal_func,
> >- NULL,
> >+ g_free,
> > g_free);
> > }
> > if (g_hash_table_lookup(resource_uuids, uuid) == NULL) {
> >- g_hash_table_insert(resource_uuids, uuid, value);
> >+ g_hash_table_insert(resource_uuids,
> >+ g_memdup2(uuid, sizeof(*uuid)),
> >+ value);
> > } else {
> > result = false;
> > }
> >--
> >2.47.0
> >
>
>
On Mon, Sep 15, 2025 at 11:16 AM Dorinda Bassey <dbassey@redhat.com> wrote:
>
> Hi Albert and Michael,
>
> seems this patch fell through the cracks, It was posted but never picked up. Could you help push it? thanks!
I do not remember this patch! Great that you checked, as this fixes a
legitimate issue. Hopefully will get integrated this time.
>
> BR,
> Dorinda.
>
> On Fri, Nov 8, 2024 at 10:29 AM Stefano Garzarella <sgarzare@redhat.com> wrote:
>>
>> On Thu, Nov 07, 2024 at 07:00:31PM +0100, Dorinda Bassey wrote:
>> >In `virtio_add_resource` function, the UUID used as a key for
>> >`g_hash_table_insert` was temporary, which could lead to
>> >invalid lookups when accessed later. This patch ensures that
>> >the UUID remains valid by duplicating it into a newly allocated
>> >memory space. The value is then inserted into the hash table
>> >with this persistent UUID key to ensure that the key stored in
>> >the hash table remains valid as long as the hash table entry
>> >exists.
>> >
>> >Fixes: faefdba847 ("hw/display: introduce virtio-dmabuf")
>> >
>> >Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
>> >---
>> > hw/display/virtio-dmabuf.c | 6 ++++--
>> > 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Albert Esteve <aesteve@redhat.com>
>>
>> >
>> >diff --git a/hw/display/virtio-dmabuf.c b/hw/display/virtio-dmabuf.c
>> >index 3dba4577ca7..5e0395be77c 100644
>> >--- a/hw/display/virtio-dmabuf.c
>> >+++ b/hw/display/virtio-dmabuf.c
>> >@@ -35,11 +35,13 @@ static bool virtio_add_resource(QemuUUID *uuid, VirtioSharedObject *value)
>> > if (resource_uuids == NULL) {
>> > resource_uuids = g_hash_table_new_full(qemu_uuid_hash,
>> > uuid_equal_func,
>> >- NULL,
>> >+ g_free,
>> > g_free);
>> > }
>> > if (g_hash_table_lookup(resource_uuids, uuid) == NULL) {
>> >- g_hash_table_insert(resource_uuids, uuid, value);
>> >+ g_hash_table_insert(resource_uuids,
>> >+ g_memdup2(uuid, sizeof(*uuid)),
>> >+ value);
>> > } else {
>> > result = false;
>> > }
>> >--
>> >2.47.0
>> >
>>