[pve-devel] [PATCH kvm] fix CVE-2016-7466

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Sep 22 08:26:54 CEST 2016


memory leak in usb_xhci_exit
---
 ...usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch | 32 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch

diff --git a/debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch b/debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
new file mode 100644
index 0000000..c463161
--- /dev/null
+++ b/debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
@@ -0,0 +1,32 @@
+From b53dd4495ced2432a0b652ea895e651d07336f7e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s at 360.cn>
+Date: Tue, 13 Sep 2016 03:20:03 -0700
+Subject: [PATCH] usb:xhci:fix memory leak in usb_xhci_exit
+
+If the xhci uses msix, it doesn't free the corresponding
+memory, thus leading a memory leak. This patch avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s at 360.cn>
+Message-id: 57d7d2e0.d4301c0a.d13e9.9a55 at mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
+---
+ hw/usb/hcd-xhci.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index 37c1493..726435c 100644
+--- a/hw/usb/hcd-xhci.c
++++ b/hw/usb/hcd-xhci.c
+@@ -3715,8 +3715,7 @@ static void usb_xhci_exit(PCIDevice *dev)
+     /* destroy msix memory region */
+     if (dev->msix_table && dev->msix_pba
+         && dev->msix_entry_used) {
+-        memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio);
+-        memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio);
++        msix_uninit(dev, &xhci->mem, &xhci->mem);
+     }
+ 
+     usb_bus_release(&xhci->bus);
+-- 
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 5c17cf1..b1e63d6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -77,4 +77,5 @@ extra/CVE-2016-7157-scsi-mptconfig-fix-an-assert-expression.patch
 extra/CVE-2016-7170-vmsvga-correct-bitmap-and-pixmap-size-checks.patch
 extra/CVE-2016-7421-scsi-pvscsi-limit-process-IO-loop-to-ring-size.patch
 extra/CVE-2016-7423-scsi-mptsas-use-g_new0-to-allocate-MPTSASRequest-obj.patch
+extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
 extra/x86-lapic-Load-LAPIC-state-at-post_load.patch
-- 
2.1.4





More information about the pve-devel mailing list