[pve-qemu-kvm.git] / debian / patches / extra / CVE-2016-9907-usbredir-free-vm_change_state_handler-in-usbredir-de.patch

From 5bbb994dd062eb3950d67db3c6189dab0df7ec9b Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 7 Nov 2016 21:57:46 -0800
Subject: [PATCH 04/12] usbredir: free vm_change_state_handler in usbredir
 destroy dispatch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In usbredir destroy dispatch function, it doesn't free the vm change
state handler once registered in usbredir_realize function. This will
lead a memory leak issue. This patch avoid this.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 58216976.d0236b0a.77b99.bcd6@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/redirect.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 444672a..42aeaa4 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -132,6 +132,7 @@ struct USBRedirDevice {
     struct usbredirfilter_rule *filter_rules;
     int filter_rules_count;
     int compatible_speedmask;
+    VMChangeStateEntry *vmstate;
 };
 
 #define TYPE_USB_REDIR "usb-redir"
@@ -1409,7 +1410,8 @@ static void usbredir_realize(USBDevice *udev, Error **errp)
     qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read,
                           usbredir_chardev_read, usbredir_chardev_event, dev);
 
-    qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
+    dev->vmstate =
+        qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
 }
 
 static void usbredir_cleanup_device_queues(USBRedirDevice *dev)
@@ -1446,6 +1448,7 @@ static void usbredir_handle_destroy(USBDevice *udev)
     }
 
     free(dev->filter_rules);
+    qemu_del_vm_change_state_handler(dev->vmstate);
 }
 
 static int usbredir_check_filter(USBRedirDevice *dev)
-- 
2.1.4
Commit	Line	Data
f262231e WB	1	From 5bbb994dd062eb3950d67db3c6189dab0df7ec9b Mon Sep 17 00:00:00 2001
	2	From: Li Qiang <liqiang6-s@360.cn>
	3	Date: Mon, 7 Nov 2016 21:57:46 -0800
	4	Subject: [PATCH 04/12] usbredir: free vm_change_state_handler in usbredir
	5	destroy dispatch
	6	MIME-Version: 1.0
	7	Content-Type: text/plain; charset=UTF-8
	8	Content-Transfer-Encoding: 8bit
	9
	10	In usbredir destroy dispatch function, it doesn't free the vm change
	11	state handler once registered in usbredir_realize function. This will
	12	lead a memory leak issue. This patch avoid this.
	13
	14	Signed-off-by: Li Qiang <liqiang6-s@360.cn>
	15	Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
	16	Message-id: 58216976.d0236b0a.77b99.bcd6@mx.google.com
	17	Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
	18	---
	19	hw/usb/redirect.c \| 5 ++++-
	20	1 file changed, 4 insertions(+), 1 deletion(-)
	21
	22	diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
	23	index 444672a..42aeaa4 100644
	24	--- a/hw/usb/redirect.c
	25	+++ b/hw/usb/redirect.c
	26	@@ -132,6 +132,7 @@ struct USBRedirDevice {
	27	struct usbredirfilter_rule *filter_rules;
	28	int filter_rules_count;
	29	int compatible_speedmask;
	30	+ VMChangeStateEntry *vmstate;
	31	};
	32
	33	#define TYPE_USB_REDIR "usb-redir"
	34	@@ -1409,7 +1410,8 @@ static void usbredir_realize(USBDevice udev, Error *errp)
	35	qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read,
	36	usbredir_chardev_read, usbredir_chardev_event, dev);
	37
	38	- qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
	39	+ dev->vmstate =
	40	+ qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
	41	}
	42
	43	static void usbredir_cleanup_device_queues(USBRedirDevice *dev)
	44	@@ -1446,6 +1448,7 @@ static void usbredir_handle_destroy(USBDevice *udev)
	45	}
	46
	47	free(dev->filter_rules);
	48	+ qemu_del_vm_change_state_handler(dev->vmstate);
	49	}
	50
	51	static int usbredir_check_filter(USBRedirDevice *dev)
	52	--
	53	2.1.4
	54