[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] d710e1: usb: ehci: fix memory leak in ehci
From: |
GitHub |
Subject: |
[Qemu-commits] [qemu/qemu] d710e1: usb: ehci: fix memory leak in ehci |
Date: |
Tue, 21 Feb 2017 02:30:11 -0800 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
https://github.com/qemu/qemu/commit/d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
Author: Li Qiang <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M hw/usb/hcd-ehci-pci.c
M hw/usb/hcd-ehci.c
M hw/usb/hcd-ehci.h
Log Message:
-----------
usb: ehci: fix memory leak in ehci
In usb_ehci_init function, it initializes 's->ipacket', but there
is no corresponding function to free this. As the ehci can be hotplug
and unplug, this will leak host memory leak. In order to make the
hierarchy clean, we should add a ehci pci finalize function, then call
the clean function in ehci device.
Signed-off-by: Li Qiang <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 26f670a244982335cc08943fb1ec099a2c81e42d
https://github.com/qemu/qemu/commit/26f670a244982335cc08943fb1ec099a2c81e42d
Author: Li Qiang <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M hw/usb/hcd-ohci.c
Log Message:
-----------
usb: ohci: fix error return code in servicing iso td
It should return 1 if an error occurs when reading iso td.
This will avoid an infinite loop issue in ohci_service_ed_list.
Signed-off-by: Li Qiang <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
https://github.com/qemu/qemu/commit/95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
Author: Li Qiang <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M hw/usb/hcd-ohci.c
Log Message:
-----------
usb: ohci: limit the number of link eds
The guest may builds an infinite loop with link eds. This patch
limit the number of linked ed to avoid this.
Signed-off-by: Li Qiang <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: f89b60f6e5fee3923bedf80e82b4e5efc1bb156b
https://github.com/qemu/qemu/commit/f89b60f6e5fee3923bedf80e82b4e5efc1bb156b
Author: Gerd Hoffmann <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M hw/usb/hcd-xhci.c
M hw/usb/trace-events
Log Message:
-----------
xhci: apply limits to loops
Limits should be big enough that normal guest should not hit it.
Add a tracepoint to log them, just in case. Also, while being
at it, log the existing link trb limit too.
Reported-by: 李强 <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: 898248a32915024a4f01ce4f0c3519509fb703cb
https://github.com/qemu/qemu/commit/898248a32915024a4f01ce4f0c3519509fb703cb
Author: Gerd Hoffmann <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M hw/usb/hcd-xhci.c
Log Message:
-----------
xhci: drop ER_FULL_HACK workaround
The nec/renesas driver problems have finally been debugged and root
caused, see commit "7da76e1 xhci: fix event queue IRQ handling".
It's pretty clear now that
(a) The whole "driver can't handle ring full" story is most likely
wrong.
(b) The ER_FULL_HACK workaround based on the false assumtion doesn't
much. It avoids the driver crashing (without commit 7da76e1), but
it doesn't make usb work.
(c) With 7da76e1 applied it doesn't trigger any more.
So, lets kill it. Or, to be exact, lets almost kill it. Some data
fields are kept unused in the state struct, for live migration backward
compatibility.
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: 72a810f411abaabc55f375533220adf69e059c89
https://github.com/qemu/qemu/commit/72a810f411abaabc55f375533220adf69e059c89
Author: Gerd Hoffmann <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M docs/specs/pci-ids.txt
M hw/usb/hcd-xhci.c
M include/hw/pci/pci.h
Log Message:
-----------
xhci: add qemu xhci controller
Turn existing TYPE_XHCI into an abstract base class.
Create two child classes, TYPE_NEC_XHCI (same name as old xhci
controller) and TYPE_QEMU_XHCI (using an ID from our namespace).
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Message-id: address@hidden
Commit: 2992d6b49ce7ca2d4c02ff6baf23fc815879eef3
https://github.com/qemu/qemu/commit/2992d6b49ce7ca2d4c02ff6baf23fc815879eef3
Author: Gerd Hoffmann <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M hw/usb/hcd-xhci.c
Log Message:
-----------
xhci: fix nec vendor quirk handling
Only the TYPE_NEC_XHCI controller will have the nec vendor quirks.
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: 558ff1b6efcebd7f919bae3e36b97fa6f9139f42
https://github.com/qemu/qemu/commit/558ff1b6efcebd7f919bae3e36b97fa6f9139f42
Author: Gerd Hoffmann <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M hw/usb/hcd-xhci.c
Log Message:
-----------
xhci: drop via vendor command handling
Seems pretty pointless, we don't emulate an via xhci controller.
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: 0aeebc73b7976bae5cb7e9768e3d9a0fd9d634e8
https://github.com/qemu/qemu/commit/0aeebc73b7976bae5cb7e9768e3d9a0fd9d634e8
Author: Gerd Hoffmann <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M hw/usb/dev-smartcard-reader.c
Log Message:
-----------
usb-ccid: better bulk_out error handling
Add err goto label where we can jump to from all error conditions.
STALL request on all errors. Reset position on all errors.
Normal request processing is not in a else branch any more, so this code
is reintended, there are no code changes in that part of the code
though.
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Commit: 7569c54642e8aa9fa03e250c7c578bd4d3747f00
https://github.com/qemu/qemu/commit/7569c54642e8aa9fa03e250c7c578bd4d3747f00
Author: Gerd Hoffmann <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M hw/usb/dev-smartcard-reader.c
Log Message:
-----------
usb-ccid: move header size check
Move up header size check, so we can use header fields in sanity checks
(in followup patches). Also reword the debug message.
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Commit: 31fb4444a485a348f8e2699d7c3dd15e1819ad2c
https://github.com/qemu/qemu/commit/31fb4444a485a348f8e2699d7c3dd15e1819ad2c
Author: Gerd Hoffmann <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M hw/usb/dev-smartcard-reader.c
Log Message:
-----------
usb-ccid: add check message size checks
Check message size too when figuring whenever we should expect more data.
Fix debug message to show useful data, p->iov.size is fixed anyway if we
land there, print how much we got meanwhile instead.
Also check announced message size against actual message size. That
is a more general fix for CVE-2017-5898 than commit "c7dfbf3 usb: ccid:
check ccid apdu length".
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Commit: b856256179f14c33a513d0b9cc3e4be355b95f43
https://github.com/qemu/qemu/commit/b856256179f14c33a513d0b9cc3e4be355b95f43
Author: Peter Maydell <address@hidden>
Date: 2017-02-21 (Tue, 21 Feb 2017)
Changed paths:
M docs/specs/pci-ids.txt
M hw/usb/dev-smartcard-reader.c
M hw/usb/hcd-ehci-pci.c
M hw/usb/hcd-ehci.c
M hw/usb/hcd-ehci.h
M hw/usb/hcd-ohci.c
M hw/usb/hcd-xhci.c
M hw/usb/trace-events
M include/hw/pci/pci.h
Log Message:
-----------
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20170221-1' into
staging
xhci: add qemu-xhci device, some followup cleanups.
ccid: better sanity checking.
ehci: fix memory leak
ohci: bugfixes.
# gpg: Signature made Tue 21 Feb 2017 07:14:35 GMT
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg: aka "Gerd Hoffmann <address@hidden>"
# gpg: aka "Gerd Hoffmann (private) <address@hidden>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/pull-usb-20170221-1:
usb-ccid: add check message size checks
usb-ccid: move header size check
usb-ccid: better bulk_out error handling
xhci: drop via vendor command handling
xhci: fix nec vendor quirk handling
xhci: add qemu xhci controller
xhci: drop ER_FULL_HACK workaround
xhci: apply limits to loops
usb: ohci: limit the number of link eds
usb: ohci: fix error return code in servicing iso td
usb: ehci: fix memory leak in ehci
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/56f9e46b841c...b856256179f1
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] d710e1: usb: ehci: fix memory leak in ehci,
GitHub <=