a0f61528af
CVE-2016-7909: pcnet: Infinite loop in pcnet_rdra_addr (bz #1381196) CVE-2016-7994: virtio-gpu: memory leak in resource_create_2d (bz #1382667) CVE-2016-8577: 9pfs: host memory leakage in v9fs_read (bz #1383286) CVE-2016-8578: 9pfs: potential NULL dereferencein 9pfs routines (bz #1383292) CVE-2016-8668: OOB buffer access in rocker switch emulation (bz #1384898) CVE-2016-8669: divide by zero error in serial_update_parameters (bz #1384911) CVE-2016-8909: intel-hda: infinite loop in dma buffer stream (bz #1388053) Infinite loop vulnerability in a9_gtimer_update (bz #1388300) CVE-2016-9101: eepro100: memory leakage at device unplug (bz #1389539) CVE-2016-9103: 9pfs: information leakage via xattr (bz #1389643) CVE-2016-9102: 9pfs: memory leakage when creating extended attribute (bz #1389551) CVE-2016-9104: 9pfs: integer overflow leading to OOB access (bz #1389687) CVE-2016-9105: 9pfs: memory leakage in v9fs_link (bz #1389704) CVE-2016-9106: 9pfs: memory leakage in v9fs_write (bz #1389713) CVE-2016-9381: xen: incautious about shared ring processing (bz #1397385) CVE-2016-9921: Divide by zero vulnerability in cirrus_do_copy (bz #1399054) CVE-2016-9776: infinite loop while receiving data in mcf_fec_receive (bz #1400830) CVE-2016-9845: information leakage in virgl_cmd_get_capset_info (bz #1402247) CVE-2016-9846: virtio-gpu: memory leakage while updating cursor data (bz #1402258) CVE-2016-9907: usbredir: memory leakage when destroying redirector (bz #1402266) CVE-2016-9911: usb: ehci: memory leakage in ehci_init_transfer (bz #1402273) CVE-2016-9913: 9pfs: memory leakage via proxy/handle callbacks (bz #1402277) CVE-2016-10028: virtio-gpu-3d: OOB access while reading virgl capabilities (bz #1406368) CVE-2016-9908: virtio-gpu: information leakage in virgl_cmd_get_capset (bz #1402263) CVE-2016-9912: virtio-gpu: memory leakage when destroying gpu resource (bz #1402285)
45 lines
1.4 KiB
Diff
45 lines
1.4 KiB
Diff
From: Li Qiang <liq3ea@gmail.com>
|
|
Date: Wed, 23 Nov 2016 13:53:34 +0100
|
|
Subject: [PATCH] 9pfs: add cleanup operation for handle backend driver
|
|
|
|
In the init operation of handle backend dirver, it allocates a
|
|
handle_data struct and opens a mount file. We should free these
|
|
resources when the 9pfs device is unrealized. This is what this
|
|
patch does.
|
|
|
|
Signed-off-by: Li Qiang <liq3ea@gmail.com>
|
|
Reviewed-by: Greg Kurz <groug@kaod.org>
|
|
Signed-off-by: Greg Kurz <groug@kaod.org>
|
|
(cherry picked from commit 971f406b77a6eb84e0ad27dcc416b663765aee30)
|
|
---
|
|
hw/9pfs/9p-handle.c | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/hw/9pfs/9p-handle.c b/hw/9pfs/9p-handle.c
|
|
index 3d77594..1687661 100644
|
|
--- a/hw/9pfs/9p-handle.c
|
|
+++ b/hw/9pfs/9p-handle.c
|
|
@@ -649,6 +649,14 @@ out:
|
|
return ret;
|
|
}
|
|
|
|
+static void handle_cleanup(FsContext *ctx)
|
|
+{
|
|
+ struct handle_data *data = ctx->private;
|
|
+
|
|
+ close(data->mountfd);
|
|
+ g_free(data);
|
|
+}
|
|
+
|
|
static int handle_parse_opts(QemuOpts *opts, struct FsDriverEntry *fse)
|
|
{
|
|
const char *sec_model = qemu_opt_get(opts, "security_model");
|
|
@@ -671,6 +679,7 @@ static int handle_parse_opts(QemuOpts *opts, struct FsDriverEntry *fse)
|
|
FileOperations handle_ops = {
|
|
.parse_opts = handle_parse_opts,
|
|
.init = handle_init,
|
|
+ .cleanup = handle_cleanup,
|
|
.lstat = handle_lstat,
|
|
.readlink = handle_readlink,
|
|
.close = handle_close,
|