| Message ID | 1499855752-18934-1-git-send-email-stefan.bader@canonical.com |
|---|---|
| State | New |
| Headers | show |
On 12.07.2017 12:35, Stefan Bader wrote: > From: Gerd Hoffmann <kraxel@redhat.com> > > Reported-by: 李强 <liqiang6-s@360.cn> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> > Link: http://patchwork.freedesktop.org/patch/msgid/20170406155941.458-1-kraxel@redhat.com > > CVE-2017-10810 Should have added that to the subject initially, sorry. -Stefan > > (cherry picked from commit 385aee965b4e4c36551c362a334378d2985b722a) > Signed-off-by: Stefan Bader <stefan.bader@canonical.com> > --- > > Fix pending in upstream 4.4.y queue. Can be cherry-picked into Z/Y/X. > Before v4.2 the virtio gpu driver did not exist. So T is not affected. > I updated the tracker with the correct breaks SHA1. > > -Stefan
On Wed, Jul 12, 2017 at 12:35:52PM +0200, Stefan Bader wrote: > From: Gerd Hoffmann <kraxel@redhat.com> > > Reported-by: 李强 <liqiang6-s@360.cn> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> > Link: http://patchwork.freedesktop.org/patch/msgid/20170406155941.458-1-kraxel@redhat.com > > CVE-2017-10810 > > (cherry picked from commit 385aee965b4e4c36551c362a334378d2985b722a) > Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Applied to artful/master-next, thanks.
On 07/12/17 12:35, Stefan Bader wrote: > From: Gerd Hoffmann <kraxel@redhat.com> > > Reported-by: 李强 <liqiang6-s@360.cn> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> > Link: http://patchwork.freedesktop.org/patch/msgid/20170406155941.458-1-kraxel@redhat.com > > CVE-2017-10810 > > (cherry picked from commit 385aee965b4e4c36551c362a334378d2985b722a) > Signed-off-by: Stefan Bader <stefan.bader@canonical.com> > --- > > Fix pending in upstream 4.4.y queue. Can be cherry-picked into Z/Y/X. > Before v4.2 the virtio gpu driver did not exist. So T is not affected. > I updated the tracker with the correct breaks SHA1. > > -Stefan > > > drivers/gpu/drm/virtio/virtgpu_object.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c > index 1483dae..6f66b73 100644 > --- a/drivers/gpu/drm/virtio/virtgpu_object.c > +++ b/drivers/gpu/drm/virtio/virtgpu_object.c > @@ -81,8 +81,10 @@ int virtio_gpu_object_create(struct virtio_gpu_device *vgdev, > return -ENOMEM; > size = roundup(size, PAGE_SIZE); > ret = drm_gem_object_init(vgdev->ddev, &bo->gem_base, size); > - if (ret != 0) > + if (ret != 0) { > + kfree(bo); > return ret; > + } > bo->dumb = false; > virtio_gpu_init_ttm_placement(bo, pinned); > > Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Applied to xenial, yakkety and zesty master-next branches. Thanks. Cascardo.
diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c index 1483dae..6f66b73 100644 --- a/drivers/gpu/drm/virtio/virtgpu_object.c +++ b/drivers/gpu/drm/virtio/virtgpu_object.c @@ -81,8 +81,10 @@ int virtio_gpu_object_create(struct virtio_gpu_device *vgdev, return -ENOMEM; size = roundup(size, PAGE_SIZE); ret = drm_gem_object_init(vgdev->ddev, &bo->gem_base, size); - if (ret != 0) + if (ret != 0) { + kfree(bo); return ret; + } bo->dumb = false; virtio_gpu_init_ttm_placement(bo, pinned);