diff options
author | Ian Delaney <idella4@gentoo.org> | 2013-05-16 05:26:22 +0000 |
---|---|---|
committer | Ian Delaney <idella4@gentoo.org> | 2013-05-16 05:26:22 +0000 |
commit | 21188ea3dfb462e65d6601bcc20dd71afaadacd0 (patch) | |
tree | f6033d9e890b2272a395033ba9825c11178952e1 | |
parent | Version bump. (diff) | |
download | gentoo-2-21188ea3dfb462e65d6601bcc20dd71afaadacd0.tar.gz gentoo-2-21188ea3dfb462e65d6601bcc20dd71afaadacd0.tar.bz2 gentoo-2-21188ea3dfb462e65d6601bcc20dd71afaadacd0.zip |
Fix to leak in qemu-system, reported in Bug #467200 and tested by László Szalma, patch from [Qemu-devel], closes said bug
(Portage version: 2.1.11.62/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
4 files changed, 88 insertions, 6 deletions
diff --git a/app-emulation/xen-tools/ChangeLog b/app-emulation/xen-tools/ChangeLog index 07d131dca998..3340aff36702 100644 --- a/app-emulation/xen-tools/ChangeLog +++ b/app-emulation/xen-tools/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-emulation/xen-tools # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.149 2013/05/15 20:33:05 zx2c4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/ChangeLog,v 1.150 2013/05/16 05:26:22 idella4 Exp $ + + 16 May 2013; Ian Delaney <idella4@gentoo.org> + +files/xen-tools-4.2-xen_disk_leak.patch, xen-tools-4.2.1-r3.ebuild, + xen-tools-4.2.2-r1.ebuild: + Fix to leak in qemu-system, reported in Bug #467200 and tested by László + Szalma, patch from [Qemu-devel], closes said bug *xen-tools-4.2.2-r1 (15 May 2013) diff --git a/app-emulation/xen-tools/files/xen-tools-4.2-xen_disk_leak.patch b/app-emulation/xen-tools/files/xen-tools-4.2-xen_disk_leak.patch new file mode 100644 index 000000000000..481eb65c4302 --- /dev/null +++ b/app-emulation/xen-tools/files/xen-tools-4.2-xen_disk_leak.patch @@ -0,0 +1,74 @@ +From: Roger Pau Monne +Subject: [Qemu-devel] [PATCH RFC 2/3] xen_disk: fix memory leak +Date: Mon, 31 Dec 2012 13:16:13 +0100 + +On ioreq_release the full ioreq +was memset to 0, loosing all the data +and memory allocations inside the QEMUIOVector, which leads to a +memory leak. Create a new function to specifically reset ioreq. + +Reported-by: Maik Wessler <address@hidden> +Signed-off-by: Roger Pau Monné <address@hidden> +Cc: address@hidden +Cc: Stefano Stabellini <address@hidden> +Cc: Anthony PERARD <address@hidden> +--- + hw/xen_disk.c | 28 ++++++++++++++++++++++++++-- + 1 files changed, 26 insertions(+), 2 deletions(-) + +diff --git a/hw/xen_disk.c b/hw/xen_disk.c +index a159ee5..1eb485a 100644 +--- a/tools/qemu-xen/hw/xen_disk.c ++++ b/tools/qemu-xen/hw/xen_disk.c +@@ -113,6 +113,31 @@ struct XenBlkDev { + + /* ------------------------------------------------------------- */ + ++static void ioreq_reset(struct ioreq *ioreq) ++{ ++ memset(&ioreq->req, 0, sizeof(ioreq->req)); ++ ioreq->status = 0; ++ ioreq->start = 0; ++ ioreq->presync = 0; ++ ioreq->postsync = 0; ++ ioreq->mapped = 0; ++ ++ memset(ioreq->domids, 0, sizeof(ioreq->domids)); ++ memset(ioreq->refs, 0, sizeof(ioreq->refs)); ++ ioreq->prot = 0; ++ memset(ioreq->page, 0, sizeof(ioreq->page)); ++ ioreq->pages = NULL; ++ ++ ioreq->aio_inflight = 0; ++ ioreq->aio_errors = 0; ++ ++ ioreq->blkdev = NULL; ++ memset(&ioreq->list, 0, sizeof(ioreq->list)); ++ memset(&ioreq->acct, 0, sizeof(ioreq->acct)); ++ ++ qemu_iovec_reset(&ioreq->v); ++} ++ + static struct ioreq *ioreq_start(struct XenBlkDev *blkdev) + { + struct ioreq *ioreq = NULL; +@@ -130,7 +155,6 @@ static struct ioreq *ioreq_start(struct XenBlkDev *blkdev) + /* get one from freelist */ + ioreq = QLIST_FIRST(&blkdev->freelist); + QLIST_REMOVE(ioreq, list); +- qemu_iovec_reset(&ioreq->v); + } + QLIST_INSERT_HEAD(&blkdev->inflight, ioreq, list); + blkdev->requests_inflight++; +@@ -154,7 +178,7 @@ static void ioreq_release(struct ioreq *ioreq, bool finish) + struct XenBlkDev *blkdev = ioreq->blkdev; + + QLIST_REMOVE(ioreq, list); +- memset(ioreq, 0, sizeof(*ioreq)); ++ ioreq_reset(ioreq); + ioreq->blkdev = blkdev; + QLIST_INSERT_HEAD(&blkdev->freelist, ioreq, list); + if (finish) { +-- +1.7.7.5 (Apple Git-26) + diff --git a/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild b/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild index 015e56346ab5..2b9750101d55 100644 --- a/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild +++ b/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild,v 1.1 2013/05/15 17:47:47 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.1-r3.ebuild,v 1.2 2013/05/16 05:26:22 idella4 Exp $ EAPI=5 @@ -194,9 +194,10 @@ src_prepare() { epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-jserver.patch # add missing typedef - epatch "${FILESDIR}"/xen-4-ulong.patch + epatch "${FILESDIR}"/xen-4-ulong.patch \ + "${FILESDIR}"/${PN}-4.2-xen_disk_leak.patch - #Sec patch, currently valid + #Sec patches currently valid epatch "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch \ "${FILESDIR}"/xen-4-CVE-2013-0215-XSA-38.patch \ "${FILESDIR}"/xen-4-CVE-2013-1919-XSA-46.patch \ diff --git a/app-emulation/xen-tools/xen-tools-4.2.2-r1.ebuild b/app-emulation/xen-tools/xen-tools-4.2.2-r1.ebuild index 8acb282adaee..cca5a597617a 100644 --- a/app-emulation/xen-tools/xen-tools-4.2.2-r1.ebuild +++ b/app-emulation/xen-tools/xen-tools-4.2.2-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.2-r1.ebuild,v 1.1 2013/05/15 20:33:05 zx2c4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/xen-tools/xen-tools-4.2.2-r1.ebuild,v 1.2 2013/05/16 05:26:22 idella4 Exp $ EAPI=5 @@ -194,7 +194,8 @@ src_prepare() { epatch "${FILESDIR}"/${PN/-tools/}-4.2.0-jserver.patch # add missing header - epatch "${FILESDIR}"/xen-4-ulong.patch + epatch "${FILESDIR}"/xen-4-ulong.patch \ + "${FILESDIR}"/${PN}-4.2-xen_disk_leak.patch #Sec patch, currently valid epatch "${FILESDIR}"/xen-4-CVE-2012-6075-XSA-41.patch \ |