[Qemu-commits] [qemu/qemu] 121841: vhost-user-gpu: fix memory disclosure

qemu-commits
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 121841: vhost-user-gpu: fix memory disclosure

From:	Peter Maydell
Subject:	[Qemu-commits] [qemu/qemu] 121841: vhost-user-gpu: fix memory disclosure in virgl_cmd...
Date:	Sun, 30 May 2021 10:39:11 -0700
  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: 121841b25d72d13f8cad554363138c360f1250ea
      
https://github.com/qemu/qemu/commit/121841b25d72d13f8cad554363138c360f1250ea
  Author: Li Qiang <liq3ea@163.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M contrib/vhost-user-gpu/virgl.c

  Log Message:
  -----------
  vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info 
(CVE-2021-3545)

Otherwise some of the 'resp' will be leaked to guest.

Fixes: CVE-2021-3545
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak
in getting capset info dispatch")

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-2-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 86dd8fac2acc366930a5dc08d3fb1b1e816f4e1e
      
https://github.com/qemu/qemu/commit/86dd8fac2acc366930a5dc08d3fb1b1e816f4e1e
  Author: Li Qiang <liq3ea@163.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M contrib/vhost-user-gpu/vhost-user-gpu.c

  Log Message:
  -----------
  vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544)

Call 'vugbm_buffer_destroy' in error path to avoid resource leak.

Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-3-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: b9f79858a614d95f5de875d0ca31096eaab72c3b
      
https://github.com/qemu/qemu/commit/b9f79858a614d95f5de875d0ca31096eaab72c3b
  Author: Li Qiang <liq3ea@163.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M contrib/vhost-user-gpu/vhost-user-gpu.c

  Log Message:
  -----------
  vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544)

Check whether the 'res' has already been attach_backing to avoid
memory leak.

Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 204f01b309 ("virtio-gpu: fix memory leak
in resource attach backing")

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-4-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: b7afebcf9e6ecf3cf9b5a9b9b731ed04bca6aa3e
      
https://github.com/qemu/qemu/commit/b7afebcf9e6ecf3cf9b5a9b9b731ed04bca6aa3e
  Author: Li Qiang <liq3ea@163.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M contrib/vhost-user-gpu/vhost-user-gpu.c

  Log Message:
  -----------
  vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' 
(CVE-2021-3544)

If the guest trigger following sequences, the attach_backing will be leaked:

        vg_resource_create_2d
        vg_resource_attach_backing
        vg_resource_unref

This patch fix this by freeing 'res->iov' in vg_resource_destroy.

Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
in virgl_cmd_resource_unref")

Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-5-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: f6091d86ba9ea05f4e111b9b42ee0005c37a6779
      
https://github.com/qemu/qemu/commit/f6091d86ba9ea05f4e111b9b42ee0005c37a6779
  Author: Li Qiang <liq3ea@163.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M contrib/vhost-user-gpu/virgl.c

  Log Message:
  -----------
  vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544)

The 'res->iov' will be leaked if the guest trigger following sequences:

        virgl_cmd_create_resource_2d
        virgl_resource_attach_backing
        virgl_cmd_resource_unref

This patch fixes this.

Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
in virgl_cmd_resource_unref"

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-6-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 63736af5a6571d9def93769431e0d7e38c6677bf
      
https://github.com/qemu/qemu/commit/63736af5a6571d9def93769431e0d7e38c6677bf
  Author: Li Qiang <liq3ea@163.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M contrib/vhost-user-gpu/virgl.c

  Log Message:
  -----------
  vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' 
(CVE-2021-3544)

If 'virgl_renderer_resource_attach_iov' failed, the 'res_iovs' will
be leaked.

Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 33243031da ("virtio-gpu-3d: fix memory leak
in resource attach backing")

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-7-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 9f22893adcb02580aee5968f32baa2cd109b3ec2
      
https://github.com/qemu/qemu/commit/9f22893adcb02580aee5968f32baa2cd109b3ec2
  Author: Li Qiang <liq3ea@163.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M contrib/vhost-user-gpu/virgl.c

  Log Message:
  -----------
  vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546)

If 'virgl_cmd_get_capset' set 'max_size' to 0,
the 'virgl_renderer_fill_caps' will write the data after the 'resp'.
This patch avoid this by checking the returned 'max_size'.

virtio-gpu fix: abd7f08b23 ("display: virtio-gpu-3d: check
virgl capabilities max_size")

Fixes: CVE-2021-3546
Reported-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-8-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 3ea32d1355d446057c17458238db2749c52ee8f0
      
https://github.com/qemu/qemu/commit/3ea32d1355d446057c17458238db2749c52ee8f0
  Author: Li Qiang <liq3ea@163.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M contrib/vhost-user-gpu/vhost-user-gpu.c
    M contrib/vhost-user-gpu/virgl.c
    M contrib/vhost-user-gpu/vugpu.h

  Log Message:
  -----------
  vhost-user-gpu: abstract vg_cleanup_mapping_iov

Currently in vhost-user-gpu, we free resource directly in
the cleanup case of resource. If we change the cleanup logic
we need to change several places, also abstruct a
'vg_create_mapping_iov' can be symmetry with the
'vg_create_mapping_iov'. This is like what virtio-gpu does,
no function changed.

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-9-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: ce7015d9e8669e2a45aba7a95fe6ef8a8f55bfe0
      
https://github.com/qemu/qemu/commit/ce7015d9e8669e2a45aba7a95fe6ef8a8f55bfe0
  Author: maobibo <maobibo@loongson.cn>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/qxl.c

  Log Message:
  -----------
  hw/display/qxl: Set pci rom address aligned with page size

On some MIPS system, page size is 16K, and qxl vga device can
be used for VM in kvm mode. Qxl pci rom size is set 8K fixed,
smaller than 16K page size on host system, it fails to be
added into memslots in kvm mode where memory_size and GPA
are required to align with page size.

This patch fixes this issue.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Message-Id: <1621340448-31617-1-git-send-email-maobibo@loongson.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 87f12216d9268ed90e6114a22cbc3f53b0fd8457
      
https://github.com/qemu/qemu/commit/87f12216d9268ed90e6114a22cbc3f53b0fd8457
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M include/ui/console.h
    M ui/meson.build
    A ui/udmabuf.c

  Log Message:
  -----------
  ui: Get the fd associated with udmabuf driver

Try to open the udmabuf dev node for the first time or return the
fd if the device was previously opened.

Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-2-vivek.kasireddy@intel.com>

[ kraxel: fixup fcntl.h include ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 4d010861611641c225a889d777e2670e3b8e4b3c
      
https://github.com/qemu/qemu/commit/4d010861611641c225a889d777e2670e3b8e4b3c
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    A include/standard-headers/linux/udmabuf.h
    M scripts/update-linux-headers.sh

  Log Message:
  -----------
  headers: Add udmabuf.h

This adds udmabuf header to standard headers so that the
relevant udmabuf objects can be accessed in subsequent
patches.

Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-3-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 9b60cdf98723b52d32fdd131f709923e05c0000f
      
https://github.com/qemu/qemu/commit/9b60cdf98723b52d32fdd131f709923e05c0000f
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/meson.build
    A hw/display/virtio-gpu-udmabuf.c
    M include/hw/virtio/virtio-gpu.h

  Log Message:
  -----------
  virtio-gpu: Add udmabuf helpers

Add helper functions to create a dmabuf for a resource and mmap it.
Also, introduce the fields blob and blob_size so that these helpers
can start to use them but the full picture will emerge only after
adding create_blob API in patch 8 of this series.

To be able to create a dmabuf using the udmabuf driver, Qemu needs
to be lauched with the memfd memory backend like this:

qemu-system-x86_64 -m 8192m -object memory-backend-memfd,id=mem1,size=8192M
-machine memory-backend=mem1

Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-4-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 9192a40655140b743dfe0b1f921ab3b8b51579bf
      
https://github.com/qemu/qemu/commit/9192a40655140b743dfe0b1f921ab3b8b51579bf
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M meson.build
    M stubs/meson.build
    A stubs/virtio-gpu-udmabuf.c

  Log Message:
  -----------
  stubs: Add stubs for udmabuf helpers

This is needed to ensure that virtio-gpu device works for
non-linux builds.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-5-vivek.kasireddy@intel.com>

[ kraxel: add virtio-gpu-udmabuf.c stubs only when building
          system emulation ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 25c001a40346342550ba152817ab306b6df0bd77
      
https://github.com/qemu/qemu/commit/25c001a40346342550ba152817ab306b6df0bd77
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/virtio-gpu.c

  Log Message:
  -----------
  virtio-gpu: Add virtio_gpu_find_check_resource

Move finding the resource and validating its backing storage into one
function.

Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-6-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: e64d4b6a9bc3ba216a988276bcdc27d06fd48e59
      
https://github.com/qemu/qemu/commit/e64d4b6a9bc3ba216a988276bcdc27d06fd48e59
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/virtio-gpu.c
    M include/hw/virtio/virtio-gpu.h

  Log Message:
  -----------
  virtio-gpu: Refactor virtio_gpu_set_scanout

Store the meta-data associated with a FB in a new object
(struct virtio_gpu_framebuffer) and pass the object to set_scanout.
Also move code in set_scanout into a do_set_scanout function.
This will be helpful when adding set_scanout_blob API.

Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-7-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 70d376623121f8ce77333fc96cd0d4c0719a5a4b
      
https://github.com/qemu/qemu/commit/70d376623121f8ce77333fc96cd0d4c0719a5a4b
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/virtio-gpu-virgl.c
    M hw/display/virtio-gpu.c
    M include/hw/virtio/virtio-gpu.h

  Log Message:
  -----------
  virtio-gpu: Refactor virtio_gpu_create_mapping_iov

Instead of passing the attach_backing object to extract nr_entries
and offset, explicitly pass these as arguments to this function.
This will be helpful when adding create_blob API.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-8-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: cce386e19ebb44cdb3517b6969af558c6edd2090
      
https://github.com/qemu/qemu/commit/cce386e19ebb44cdb3517b6969af558c6edd2090
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/virtio-gpu-base.c
    M hw/display/virtio-gpu.c
    M include/hw/virtio/virtio-gpu.h

  Log Message:
  -----------
  virtio-gpu: Add initial definitions for blob resources

Add the property bit, configuration flag and other relevant
macros and definitions associated with this feature.

Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-9-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: e0933d91b1cdde2828955b02042e100dffd27399
      
https://github.com/qemu/qemu/commit/e0933d91b1cdde2828955b02042e100dffd27399
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/trace-events
    M hw/display/virtio-gpu.c
    M include/hw/virtio/virtio-gpu-bswap.h

  Log Message:
  -----------
  virtio-gpu: Add virtio_gpu_resource_create_blob

This API allows Qemu to register the blob allocated by the Guest
as a new resource and map its backing storage.

Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-10-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 8069b73bee8915acdeb69b4456b216f637032e7e
      
https://github.com/qemu/qemu/commit/8069b73bee8915acdeb69b4456b216f637032e7e
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M include/ui/qemu-pixman.h
    M ui/qemu-pixman.c

  Log Message:
  -----------
  ui/pixman: Add qemu_pixman_to_drm_format()

This new function to get the drm_format associated with a pixman
format will be useful while creating a dmabuf.

Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-11-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 5752519e93e2783c7fdca15b3480eb0f8687fb94
      
https://github.com/qemu/qemu/commit/5752519e93e2783c7fdca15b3480eb0f8687fb94
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/virtio-gpu-udmabuf.c
    M include/hw/virtio/virtio-gpu.h
    M stubs/virtio-gpu-udmabuf.c

  Log Message:
  -----------
  virtio-gpu: Add helpers to create and destroy dmabuf objects

These helpers can be useful for creating dmabuf objects from blobs
and submitting them to the UI.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-12-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 81cd9f71087b31d0fb231d3736a31262d232375e
      
https://github.com/qemu/qemu/commit/81cd9f71087b31d0fb231d3736a31262d232375e
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/virtio-gpu.c

  Log Message:
  -----------
  virtio-gpu: Factor out update scanout

Creating a small helper function for updating the scanout
will be useful in the next patch where this needs to be
done early in do_set_scanout before returning.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-13-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 32db3c63ae113da6ac06d65d1ffb764e0c357a6c
      
https://github.com/qemu/qemu/commit/32db3c63ae113da6ac06d65d1ffb764e0c357a6c
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/trace-events
    M hw/display/virtio-gpu.c
    M include/hw/virtio/virtio-gpu-bswap.h

  Log Message:
  -----------
  virtio-gpu: Add virtio_gpu_set_scanout_blob

This API allows Qemu to set the blob allocated by the Guest as
the scanout buffer. If Opengl support is available, then the
scanout buffer would be submitted as a dmabuf to the UI; if not,
a pixman image is created from the scanout buffer and is
submitted to the UI via the display surface.

Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-14-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: bdd53f739273e97b5e5617b699d1763c42a5ea7e
      
https://github.com/qemu/qemu/commit/bdd53f739273e97b5e5617b699d1763c42a5ea7e
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2021-05-27 (Thu, 27 May 2021)

  Changed paths:
    M hw/display/virtio-gpu.c

  Log Message:
  -----------
  virtio-gpu: Update cursor data using blob

If a blob is available for the cursor, copy the data from the blob.

Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-15-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: f9dc72de91d2915b808e82da34bf613afa5cce43
      
https://github.com/qemu/qemu/commit/f9dc72de91d2915b808e82da34bf613afa5cce43
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-05-30 (Sun, 30 May 2021)

  Changed paths:
    M contrib/vhost-user-gpu/vhost-user-gpu.c
    M contrib/vhost-user-gpu/virgl.c
    M contrib/vhost-user-gpu/vugpu.h
    M hw/display/meson.build
    M hw/display/qxl.c
    M hw/display/trace-events
    M hw/display/virtio-gpu-base.c
    A hw/display/virtio-gpu-udmabuf.c
    M hw/display/virtio-gpu-virgl.c
    M hw/display/virtio-gpu.c
    M include/hw/virtio/virtio-gpu-bswap.h
    M include/hw/virtio/virtio-gpu.h
    A include/standard-headers/linux/udmabuf.h
    M include/ui/console.h
    M include/ui/qemu-pixman.h
    M meson.build
    M scripts/update-linux-headers.sh
    M stubs/meson.build
    A stubs/virtio-gpu-udmabuf.c
    M ui/meson.build
    M ui/qemu-pixman.c
    A ui/udmabuf.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kraxel/tags/vga-20210527-pull-request' 
into staging

virtio-gpu: add blob resource support.
vhost-user-gpu: security fixes.

# gpg: Signature made Thu 27 May 2021 15:23:25 BST
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20210527-pull-request: (23 commits)
  virtio-gpu: Update cursor data using blob
  virtio-gpu: Add virtio_gpu_set_scanout_blob
  virtio-gpu: Factor out update scanout
  virtio-gpu: Add helpers to create and destroy dmabuf objects
  ui/pixman: Add qemu_pixman_to_drm_format()
  virtio-gpu: Add virtio_gpu_resource_create_blob
  virtio-gpu: Add initial definitions for blob resources
  virtio-gpu: Refactor virtio_gpu_create_mapping_iov
  virtio-gpu: Refactor virtio_gpu_set_scanout
  virtio-gpu: Add virtio_gpu_find_check_resource
  stubs: Add stubs for udmabuf helpers
  virtio-gpu: Add udmabuf helpers
  headers: Add udmabuf.h
  ui: Get the fd associated with udmabuf driver
  hw/display/qxl: Set pci rom address aligned with page size
  vhost-user-gpu: abstract vg_cleanup_mapping_iov
  vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546)
  vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' 
(CVE-2021-3544)
  vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544)
  vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' 
(CVE-2021-3544)
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/a648df38898d...f9dc72de91d2
[Prev in Thread]
Current Thread
[Next in Thread]
[Qemu-commits] [qemu/qemu] 121841: vhost-user-gpu: fix memory disclosure in virgl_cmd..., Peter Maydell <=
- [Qemu-commits] [qemu/qemu] 121841: vhost-user-gpu: fix memory disclosure in virgl_cmd..., Peter Maydell, 2021/05/30
Prev by Date: [Qemu-commits] [qemu/qemu] f607dc: hw/net/imx_fec: return 0xffff when accessing non-e...
Next by Date: [Qemu-commits] [qemu/qemu] 121841: vhost-user-gpu: fix memory disclosure in virgl_cmd...
Previous by thread: [Qemu-commits] [qemu/qemu] f607dc: hw/net/imx_fec: return 0xffff when accessing non-e...
Next by thread: [Qemu-commits] [qemu/qemu] 121841: vhost-user-gpu: fix memory disclosure in virgl_cmd...
Index(es):
- Date
- Thread