debian/patches/extra/CVE-2016-9912-virtio-gpu-call-cleanup-mapping-function-in-resource.patch

   1 From efc44f269fe72bab2c496f21809f6bef20d9c398 Mon Sep 17 00:00:00 2001
   2 From: Li Qiang <liq3ea@gmail.com>
   3 Date: Mon, 28 Nov 2016 21:29:25 -0500
   4 Subject: [PATCH 11/12] virtio-gpu: call cleanup mapping function in resource
   5  destroy
   6
   7 If the guest destroy the resource before detach banking, the 'iov'
   8 and 'addrs' field in resource is not freed thus leading memory
   9 leak issue. This patch avoid this.
  10
  11 Signed-off-by: Li Qiang <liq3ea@gmail.com>
  12 ---
  13  hw/display/virtio-gpu.c | 3 +++
  14  1 file changed, 3 insertions(+)
  15
  16 diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
  17 index 41f8096..8903dee 100644
  18 --- a/hw/display/virtio-gpu.c
  19 +++ b/hw/display/virtio-gpu.c
  20 @@ -28,6 +28,8 @@
  21  static struct virtio_gpu_simple_resource*
  22  virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
  23
  24 +static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
  25 +
  26  #ifdef CONFIG_VIRGL
  27  #include <virglrenderer.h>
  28  #define VIRGL(_g, _virgl, _simple, ...)                     \
  29 @@ -359,6 +361,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
  30                                          struct virtio_gpu_simple_resource *res)
  31  {
  32      pixman_image_unref(res->image);
  33 +    virtio_gpu_cleanup_mapping(res);
  34      QTAILQ_REMOVE(&g->reslist, res, next);
  35      g_free(res);
  36  }
  37 --
  38 2.1.4
  39