Hi,

I'm currently finishing my upload for qemu, and a question remains concerning the fix of CVE-2016-99{14,15,16} [0,1,2].

It is clear to me that the 9pfs proxy/handle backend drivers may cause a memory leak when unrealized (ctx->private not deallocated, for example). Thus, if they can be unrealized, we will need to implement a cleanup mechanism, as proposed in the upstream patches [3,4].

In recent versions following the QOM model, the unrealize operation is implemented in 9p.c. This is not the case in the wheezy version, for which I can't find any function performing unrealize operations [5] (the current unrealize function got implemented in this commit [6]).

So, I am having trouble determining whether it is possible to unrealize the 9pfs device in the wheezy version, and if yes, which method (if there is one) is handling it.

Does anybody have an idea?

Cheers,
Hugo

[0] https://security-tracker.debian.org/tracker/CVE-2016-9914
[1] https://security-tracker.debian.org/tracker/CVE-2016-9915
[2] https://security-tracker.debian.org/tracker/CVE-2016-9916
[3] http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30
[4] http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68
[5] For the record, the equivalent in wheezy of the modern realize function is virtio_9p_init in virtio-9p-device.c.
[6] http://git.qemu.org/?p=qemu.git;a=commit;h=6cecf093735f2e5af7d0e29d957350320044e354

-- 
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E