Philippe Mathieu-Daudé <phi...@redhat.com> 于2021年5月11日周二 上午3:25写道: > > On 5/5/21 11:35 AM, Marc-André Lureau wrote: > > Hi > > > > On Wed, May 5, 2021 at 1:28 PM Li Qiang <liq...@gmail.com > > <mailto:liq...@gmail.com>> wrote: > > > > Marc-André Lureau <marcandre.lur...@gmail.com > > <mailto:marcandre.lur...@gmail.com>> 于2021年5月5日周三 下午5:10写道: > > > > > > Hi > > > > > > On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq...@163.com > > <mailto:liq...@163.com>> wrote: > > >> > > >> These security issue is low severity and is similar with the > > >> virtio-vga/virtio-gpu device. All of them can be triggered by > > >> the guest user. > > >> > > >> Li Qiang (7): > > >> vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info > > >> vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' > > >> vhost-user-gpu: fix memory leak in vg_resource_attach_backing > > >> vhost-user-gpu: fix memory link while calling 'vg_resource_unref' > > >> vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' > > >> vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' > > >> vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' > > >> > > >> contrib/vhost-user-gpu/vhost-user-gpu.c | 7 +++++++ > > >> contrib/vhost-user-gpu/virgl.c | 17 ++++++++++++++++- > > >> 2 files changed, 23 insertions(+), 1 deletion(-) > > >> > > >> -- > > > > > > > > > The whole series looks good to me, and applies fixes that were > > done earlier in virtio-gpu. > > > > Do you mean you have merged this series? > > Should I tweak something such as "adding the original fix in > > virtio-gpu"/"better mapping iov cleanup"? > > Yes, and please also mention the corresponding CVE (CVE-2021-3544, > CVE-2021-3545, CVE-2021-3546). >
OK, I'm still waiting for the some of the patch's response from Prasad. Kindly ping @Prasad Thanks, Li Qiang > > > > > > No I didn't. I was waiting for the answers to Prasad questions, and > > eventually v2. > > > > Then either Gerd or me can queue this imho. > > > > -- > > Marc-André Lureau >