[pve-devel] [PATCH kvm] fix CVE-2016-7466

Fabian Grünbichler Wed, 21 Sep 2016 23:27:31 -0700

memory leak in usb_xhci_exit
---
 ...usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch | 32 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 
debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch


diff --git 
a/debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
 
b/debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
new file mode 100644
index 0000000..c463161
--- /dev/null
+++ 
b/debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
@@ -0,0 +1,32 @@
+From b53dd4495ced2432a0b652ea895e651d07336f7e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang...@360.cn>
+Date: Tue, 13 Sep 2016 03:20:03 -0700
+Subject: [PATCH] usb:xhci:fix memory leak in usb_xhci_exit
+
+If the xhci uses msix, it doesn't free the corresponding
+memory, thus leading a memory leak. This patch avoid this.
+
+Signed-off-by: Li Qiang <liqiang...@360.cn>
+Message-id: 57d7d2e0.d4301c0a.d13e9.9...@mx.google.com
+Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
+---
+ hw/usb/hcd-xhci.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index 37c1493..726435c 100644
+--- a/hw/usb/hcd-xhci.c
++++ b/hw/usb/hcd-xhci.c
+@@ -3715,8 +3715,7 @@ static void usb_xhci_exit(PCIDevice *dev)
+     /* destroy msix memory region */
+     if (dev->msix_table && dev->msix_pba
+         && dev->msix_entry_used) {
+-        memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio);
+-        memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio);
++        msix_uninit(dev, &xhci->mem, &xhci->mem);
+     }
+ 
+     usb_bus_release(&xhci->bus);
+-- 
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 5c17cf1..b1e63d6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -77,4 +77,5 @@ 
extra/CVE-2016-7157-scsi-mptconfig-fix-an-assert-expression.patch
 extra/CVE-2016-7170-vmsvga-correct-bitmap-and-pixmap-size-checks.patch
 extra/CVE-2016-7421-scsi-pvscsi-limit-process-IO-loop-to-ring-size.patch
 extra/CVE-2016-7423-scsi-mptsas-use-g_new0-to-allocate-MPTSASRequest-obj.patch
+extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
 extra/x86-lapic-Load-LAPIC-state-at-post_load.patch
-- 
2.1.4


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH kvm] fix CVE-2016-7466

Reply via email to