On 5/5/21 11:35 AM, Marc-André Lureau wrote: > Hi > > On Wed, May 5, 2021 at 1:28 PM Li Qiang <liq...@gmail.com > <mailto:liq...@gmail.com>> wrote: > > Marc-André Lureau <marcandre.lur...@gmail.com > <mailto:marcandre.lur...@gmail.com>> 于2021年5月5日周三 下午5:10写道: > > > > Hi > > > > On Wed, May 5, 2021 at 9:21 AM Li Qiang <liq...@163.com > <mailto:liq...@163.com>> wrote: > >> > >> These security issue is low severity and is similar with the > >> virtio-vga/virtio-gpu device. All of them can be triggered by > >> the guest user. > >> > >> Li Qiang (7): > >> vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info > >> vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' > >> vhost-user-gpu: fix memory leak in vg_resource_attach_backing > >> vhost-user-gpu: fix memory link while calling 'vg_resource_unref' > >> vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' > >> vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' > >> vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' > >> > >> contrib/vhost-user-gpu/vhost-user-gpu.c | 7 +++++++ > >> contrib/vhost-user-gpu/virgl.c | 17 ++++++++++++++++- > >> 2 files changed, 23 insertions(+), 1 deletion(-) > >> > >> -- > > > > > > The whole series looks good to me, and applies fixes that were > done earlier in virtio-gpu. > > Do you mean you have merged this series? > Should I tweak something such as "adding the original fix in > virtio-gpu"/"better mapping iov cleanup"?
Yes, and please also mention the corresponding CVE (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546). > > > No I didn't. I was waiting for the answers to Prasad questions, and > eventually v2. > > Then either Gerd or me can queue this imho. > > -- > Marc-André Lureau
