57 lines
2.0 KiB
Diff
57 lines
2.0 KiB
Diff
|
From 2437a06ff137c4bc856df096e42407c1f50b25b0 Mon Sep 17 00:00:00 2001
|
||
|
From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
|
||
|
Date: Wed, 12 Jul 2023 17:46:56 +0200
|
||
|
Subject: [PATCH 06/37] vfio/pci: Fix a use-after-free issue
|
||
|
MIME-Version: 1.0
|
||
|
Content-Type: text/plain; charset=UTF-8
|
||
|
Content-Transfer-Encoding: 8bit
|
||
|
|
||
|
RH-Author: Cédric Le Goater <clg@redhat.com>
|
||
|
RH-MergeRequest: 179: vfio: live migration support
|
||
|
RH-Bugzilla: 2192818
|
||
|
RH-Acked-by: Eric Auger <eric.auger@redhat.com>
|
||
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||
|
RH-Commit: [4/28] eca69a7e0a6fb8c1c70be8b91209a53b040e30ba (clegoate/qemu-kvm-c9s)
|
||
|
|
||
|
Bugzilla: https://bugzilla.redhat.com/2192818
|
||
|
|
||
|
commit b83b40b61484
|
||
|
Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||
|
Date: Wed May 17 10:46:51 2023 +0800
|
||
|
|
||
|
vfio/pci: Fix a use-after-free issue
|
||
|
|
||
|
vbasedev->name is freed wrongly which leads to garbage VFIO trace log.
|
||
|
Fix it by allocating a dup of vbasedev->name and then free the dup.
|
||
|
|
||
|
Fixes: 2dca1b37a760 ("vfio/pci: add support for VF token")
|
||
|
Suggested-by: Alex Williamson <alex.williamson@redhat.com>
|
||
|
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
|
||
|
Reviewed-by: Cédric Le Goater <clg@redhat.com>
|
||
|
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
|
||
|
Acked-by: Alex Williamson <alex.williamson@redhat.com>
|
||
|
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
|
||
|
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||
|
|
||
|
Signed-off-by: Cédric Le Goater <clg@redhat.com>
|
||
|
---
|
||
|
hw/vfio/pci.c | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
|
||
|
index 6cd3a98c39..7c5e2b5996 100644
|
||
|
--- a/hw/vfio/pci.c
|
||
|
+++ b/hw/vfio/pci.c
|
||
|
@@ -3018,7 +3018,7 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
|
||
|
qemu_uuid_unparse(&vdev->vf_token, uuid);
|
||
|
name = g_strdup_printf("%s vf_token=%s", vbasedev->name, uuid);
|
||
|
} else {
|
||
|
- name = vbasedev->name;
|
||
|
+ name = g_strdup(vbasedev->name);
|
||
|
}
|
||
|
|
||
|
ret = vfio_get_device(group, name, vbasedev, errp);
|
||
|
--
|
||
|
2.39.3
|
||
|
|