Hello Prasad,

The patch is good.
Jason, would you apply it from the attachment or should it be resent by "git 
send-email"?

Acked-by: Dmitry Fleytman <dmi...@daynix.com>

~Dmitry

> On 2 Dec 2015, at 14:17 PM, P J P <ppan...@redhat.com> wrote:
> 
>  Hello Dmitry, all
> 
> A memory leakage issue was reported by Mr Qinghao Tang, CC'd here.
> 
> In that, the Qemu VMXNET3 paravirtual device emulator does not check if the 
> device is already active, before activating it. This leads to host memory 
> leakage via calls to vmxnet_tx_pkt_init(), which calls g_malloc0().
> 
> ===
> static void vmxnet3_activate_device(VMXNET3State *s)
> {
>   ...
>   /* Preallocate TX packet wrapper */
>   VMW_CFPRN("Max TX fragments is %u", s->max_tx_frags);
>   vmxnet_tx_pkt_init(&s->tx_pkt, s->max_tx_frags, s->peer_has_vhdr);
>   ...
> }
> ===
> 
> A malicious guest driver could use this flaw to leak excessive memory on the 
> host, eventually killing the Qemu process.
> 
> Please see attached herein a proposed (tested) patch which fixes this 
> issue. Please let me know if it's okay or requires any changes.
> 
> Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
> <0001-net-vmxnet3-avoid-multiple-activations-of-device.patch>
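
The missing check described in the report above, as an added example that is not part of the original thread and is neither QEMU's code nor the attached patch: a constructed C model that counts how many TX packet wrappers become unreachable when a guest requests activation repeatedly, with and without an "already active" guard. The names `dev_model`, `model_tx_pkt_init`, `activate_unchecked`, `activate_checked` and `leaked_after` are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed model, not QEMU source: hypothetical stand-ins for the
 * TX packet wrapper and for VMXNET3State. */
struct tx_pkt { unsigned max_frags; struct tx_pkt *next_alloc; };
struct dev_model { bool device_active; struct tx_pkt *tx_pkt; unsigned max_tx_frags; };

/* Every wrapper ever allocated, kept so a run can count and free them. */
static struct tx_pkt *all_allocs;

/* Models vmxnet_tx_pkt_init(): allocates a zeroed wrapper and overwrites *pkt. */
static void model_tx_pkt_init(struct tx_pkt **pkt, unsigned max_frags) {
    struct tx_pkt *p = calloc(1, sizeof(*p));
    if (!p) abort();
    p->max_frags = max_frags;
    p->next_alloc = all_allocs;
    all_allocs = p;
    *pkt = p;                 /* the previous wrapper, if any, is now orphaned */
}

/* Flawed shape: no state check, so every activation request allocates again. */
static void activate_unchecked(struct dev_model *s) {
    model_tx_pkt_init(&s->tx_pkt, s->max_tx_frags);
    s->device_active = true;
}

/* Guarded shape: a request against an already active device is ignored. */
static void activate_checked(struct dev_model *s) {
    if (s->device_active) return;
    model_tx_pkt_init(&s->tx_pkt, s->max_tx_frags);
    s->device_active = true;
}

/* Sends n activation requests, then returns how many wrappers are no longer
 * reachable from the device state (the leak). Frees everything afterwards. */
static size_t leaked_after(void (*activate)(struct dev_model *), unsigned n) {
    struct dev_model s = { .max_tx_frags = 16 };
    size_t leaked = 0;
    for (unsigned i = 0; i < n; i++) activate(&s);
    while (all_allocs) {
        struct tx_pkt *p = all_allocs;
        all_allocs = p->next_alloc;
        if (p != s.tx_pkt) leaked++;
        free(p);
    }
    return leaked;
}

int main(void) {
    return (leaked_after(activate_unchecked, 1000) == 999 && leaked_after(activate_checked, 1000) == 0) ? 0 : 1;
}
```

In the unchecked variant the leak grows linearly with the number of guest-issued activation requests, which is why the guest controls how much host memory is consumed.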
