qemu/0007-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
Cole Robinson 3a13ddd514 CVE-2016-7155: pvscsi: OOB read and infinite loop (bz #1373463)
CVE-2016-7156: pvscsi: infinite loop when building SG list (bz #1373480)
CVE-2016-7156: pvscsi: infinite loop when processing IO requests (bz #1373480)
CVE-2016-7170: vmware_vga: OOB stack memory access (bz #1374709)
CVE-2016-7157: mptsas: invalid memory access (bz #1373505)
CVE-2016-7466: usb: xhci memory leakage during device unplug (bz #1377838)
CVE-2016-7423: scsi: mptsas: OOB access (bz #1376777)
CVE-2016-7422: virtio: null pointer dereference (bz #1376756)
CVE-2016-7908: net: Infinite loop in mcf_fec_do_tx (bz #1381193)
CVE-2016-8576: usb: xHCI: infinite loop vulnerability (bz #1382322)
CVE-2016-7995: usb: hcd-ehci: memory leak (bz #1382669)
2016-10-15 22:24:48 -04:00

30 lines
1.1 KiB
Diff

From: Li Qiang <liqiang6-s@360.cn>
Date: Tue, 13 Sep 2016 03:20:03 -0700
Subject: [PATCH] usb:xhci:fix memory leak in usb_xhci_exit
If the xhci uses msix, it doesn't free the corresponding
memory, thus leading a memory leak. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 57d7d2e0.d4301c0a.d13e9.9a55@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit b53dd4495ced2432a0b652ea895e651d07336f7e)
---
hw/usb/hcd-xhci.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 188f954..281a2a5 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -3709,8 +3709,7 @@ static void usb_xhci_exit(PCIDevice *dev)
/* destroy msix memory region */
if (dev->msix_table && dev->msix_pba
&& dev->msix_entry_used) {
- memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio);
- memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio);
+ msix_uninit(dev, &xhci->mem, &xhci->mem);
}
usb_bus_release(&xhci->bus);