hw/display/virtio-dmabuf.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
In `virtio_add_resource` function, the UUID used as a key for
`g_hash_table_insert` was temporary, which could lead to
invalid lookups when accessed later. This patch ensures that
the UUID remains valid by duplicating it into a newly allocated
memory space. The value is then inserted into the hash table
with this persistent UUID key to ensure that the key stored in
the hash table remains valid as long as the hash table entry
exists.
Fixes: faefdba847 ("hw/display: introduce virtio-dmabuf")
Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Albert Esteve <aesteve@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
v3: removed blank line between trailers
hw/display/virtio-dmabuf.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/display/virtio-dmabuf.c b/hw/display/virtio-dmabuf.c
index 3dba4577ca..5e0395be77 100644
--- a/hw/display/virtio-dmabuf.c
+++ b/hw/display/virtio-dmabuf.c
@@ -35,11 +35,13 @@ static bool virtio_add_resource(QemuUUID *uuid, VirtioSharedObject *value)
if (resource_uuids == NULL) {
resource_uuids = g_hash_table_new_full(qemu_uuid_hash,
uuid_equal_func,
- NULL,
+ g_free,
g_free);
}
if (g_hash_table_lookup(resource_uuids, uuid) == NULL) {
- g_hash_table_insert(resource_uuids, uuid, value);
+ g_hash_table_insert(resource_uuids,
+ g_memdup2(uuid, sizeof(*uuid)),
+ value);
} else {
result = false;
}
--
2.51.0
On 12/4/25 19:20, Dorinda Bassey wrote:
> In `virtio_add_resource` function, the UUID used as a key for
> `g_hash_table_insert` was temporary, which could lead to
> invalid lookups when accessed later. This patch ensures that
> the UUID remains valid by duplicating it into a newly allocated
> memory space. The value is then inserted into the hash table
> with this persistent UUID key to ensure that the key stored in
> the hash table remains valid as long as the hash table entry
> exists.
>
> Fixes: faefdba847 ("hw/display: introduce virtio-dmabuf")
> Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
> Reviewed-by: Albert Esteve <aesteve@redhat.com>
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Again, this feels like a qemu-stable material. However, I'm not
sure under which circumstances the uuid key can be freed before
referencing.
Please let me know if I shouldn't pick this up for qemu stable
releases.
Thanks,
/mjt
> ---
> v3: removed blank line between trailers
>
> hw/display/virtio-dmabuf.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/hw/display/virtio-dmabuf.c b/hw/display/virtio-dmabuf.c
> index 3dba4577ca..5e0395be77 100644
> --- a/hw/display/virtio-dmabuf.c
> +++ b/hw/display/virtio-dmabuf.c
> @@ -35,11 +35,13 @@ static bool virtio_add_resource(QemuUUID *uuid, VirtioSharedObject *value)
> if (resource_uuids == NULL) {
> resource_uuids = g_hash_table_new_full(qemu_uuid_hash,
> uuid_equal_func,
> - NULL,
> + g_free,
> g_free);
> }
> if (g_hash_table_lookup(resource_uuids, uuid) == NULL) {
> - g_hash_table_insert(resource_uuids, uuid, value);
> + g_hash_table_insert(resource_uuids,
> + g_memdup2(uuid, sizeof(*uuid)),
> + value);
> } else {
> result = false;
> }
Hi,
Again, this feels like a qemu-stable material. However, I'm not
> sure under which circumstances the uuid key can be freed before
> referencing.
>
> Please let me know if I shouldn't pick this up for qemu stable
> releases.
I don't think there's a need to pick this up for stable, I found this issue
when testing the `resource_assign_uuid` feature, which is not yet fully
implemented in rust-vmm vhost-device-gpu backend that uses it. So safe to
say no existing users are hitting this code path in the current stable.
Br,
Dorinda.
On Thu, Feb 5, 2026 at 10:50 PM Michael Tokarev <mjt@tls.msk.ru> wrote:
> On 12/4/25 19:20, Dorinda Bassey wrote:
> > In `virtio_add_resource` function, the UUID used as a key for
> > `g_hash_table_insert` was temporary, which could lead to
> > invalid lookups when accessed later. This patch ensures that
> > the UUID remains valid by duplicating it into a newly allocated
> > memory space. The value is then inserted into the hash table
> > with this persistent UUID key to ensure that the key stored in
> > the hash table remains valid as long as the hash table entry
> > exists.
> >
> > Fixes: faefdba847 ("hw/display: introduce virtio-dmabuf")
> > Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
> > Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
> > Reviewed-by: Albert Esteve <aesteve@redhat.com>
> > Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Again, this feels like a qemu-stable material. However, I'm not
> sure under which circumstances the uuid key can be freed before
> referencing.
>
> Please let me know if I shouldn't pick this up for qemu stable
> releases.
>
> Thanks,
>
> /mjt
>
> > ---
> > v3: removed blank line between trailers
> >
> > hw/display/virtio-dmabuf.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/hw/display/virtio-dmabuf.c b/hw/display/virtio-dmabuf.c
> > index 3dba4577ca..5e0395be77 100644
> > --- a/hw/display/virtio-dmabuf.c
> > +++ b/hw/display/virtio-dmabuf.c
> > @@ -35,11 +35,13 @@ static bool virtio_add_resource(QemuUUID *uuid,
> VirtioSharedObject *value)
> > if (resource_uuids == NULL) {
> > resource_uuids = g_hash_table_new_full(qemu_uuid_hash,
> > uuid_equal_func,
> > - NULL,
> > + g_free,
> > g_free);
> > }
> > if (g_hash_table_lookup(resource_uuids, uuid) == NULL) {
> > - g_hash_table_insert(resource_uuids, uuid, value);
> > + g_hash_table_insert(resource_uuids,
> > + g_memdup2(uuid, sizeof(*uuid)),
> > + value);
> > } else {
> > result = false;
> > }
>
>
On 2/6/26 18:00, Dorinda Bassey wrote: > Hi, > > Again, this feels like a qemu-stable material. However, I'm not > sure under which circumstances the uuid key can be freed before > referencing. > > Please let me know if I shouldn't pick this up for qemu stable > releases. > > I don't think there's a need to pick this up for stable, I found this > issue when testing the `resource_assign_uuid` feature, which is not yet > fully implemented in rust-vmm vhost-device-gpu backend that uses it. So > safe to say no existing users are hitting this code path in the current > stable. This makes sense. I'm dropping this one from the stable series. But I wonder - for example, 10.0.x is currently a long-term stable release. If rust-vmm changes and implements this feature, won't we hit this issue there? But this time, with a painful debugging session because the current context is forgotten already? :) Thank you
On Thu, 4 Dec 2025 at 16:22, Dorinda Bassey <dbassey@redhat.com> wrote:
>
> In `virtio_add_resource` function, the UUID used as a key for
> `g_hash_table_insert` was temporary, which could lead to
> invalid lookups when accessed later. This patch ensures that
> the UUID remains valid by duplicating it into a newly allocated
> memory space. The value is then inserted into the hash table
> with this persistent UUID key to ensure that the key stored in
> the hash table remains valid as long as the hash table entry
> exists.
>
> Fixes: faefdba847 ("hw/display: introduce virtio-dmabuf")
> Signed-off-by: Dorinda Bassey <dbassey@redhat.com>
> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
> Reviewed-by: Albert Esteve <aesteve@redhat.com>
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> v3: removed blank line between trailers
>
> hw/display/virtio-dmabuf.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
Reviewed-by: Jim MacArthur <jim.macarthur@linaro.org>
© 2016 - 2026 Red Hat, Inc.