On 12/03/2015 03:17 PM, Dmitry Fleytman wrote: > Hello Prasad, > > The patch is good. > Jason, would you apply is from attachment or should it be resent by > "git send-email”?
Better with "git send-email". And I've a question for this patch which needs to be answered before merging this. What if guest deactivate the device before re-activate the device? Thanks > > Acked-by: Dmitry Fleytman <dmi...@daynix.com <mailto:dmi...@daynix.com>> > > ~Dmitry > >> On 2 Dec 2015, at 14:17 PM, P J P <ppan...@redhat.com >> <mailto:ppan...@redhat.com>> wrote: >> >> Hello Dmitry, all >> >> A memory leakage issue was reported by Mr Qinghao Tang, CC'd here. >> >> In that, the Qemu VMXNET3 paravirtual device emulator does not check >> if the device is already active, before activating it. This leads to >> host memory leakage via calls to vmxnet_tx_pkt_init(), which calls >> g_malloc0(). >> >> === >> static void vmxnet3_activate_device(VMXNET3State *s) >> { >> ... >> /* Preallocate TX packet wrapper */ >> VMW_CFPRN("Max TX fragments is %u", s->max_tx_frags); >> vmxnet_tx_pkt_init(&s->tx_pkt, s->max_tx_frags, s->peer_has_vhdr); >> ... >> } >> === >> >> A malicious guest driver could use this flaw to leak excessive memory >> on the host, eventually killing the Qemu process. >> >> Please see attached herein is a proposed (tested)patch which fixes >> this issue. Please let me know if it's okay or requires any changes. >> >> Thank you. >> -- >> Prasad J Pandit / Red Hat Product Security Team >> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B >> 041F<0001-net-vmxnet3-avoid-multiple-activations-of-device.patch> >
